GCVE - cpe:2.3:o:tattile:anpr_mobile_firmware:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:tattile:anpr_mobile_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Tattile (`7a9fbb55-5578-5061-87a8-ee46ee395acd`)
Product	Anpr Mobile Firmware (`445524bc-d339-5bd7-8c3c-f7953e2a10fd`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-26342`	vulnerable	2026-06-03 15:18:05.614759	Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data. Published: 2026-02-24T18:41:09.935Z Updated: 2026-03-05T01:31:07.547Z Open on db.gcve.eu Reference links https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5976.php https://www.tattile.com/ https://www.vulncheck.com/advisories/tattile-smart-vega-basic-insufficient-session-token-expiration	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-26341`	vulnerable	2026-06-03 15:18:05.612235	Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data. Published: 2026-02-24T18:40:54.212Z Updated: 2026-03-05T01:31:06.767Z Open on db.gcve.eu Reference links https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5977.php https://www.tattile.com/ https://www.vulncheck.com/advisories/tattile-smart-vega-basic-default-credentials	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-26340`	vulnerable	2026-06-03 15:18:05.607787	Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticated RTSP Stream Disclosure Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of surveillance data. Published: 2026-02-24T18:40:35.393Z Updated: 2026-03-05T01:31:05.967Z Open on db.gcve.eu Reference links https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5978.php https://www.tattile.com/ https://www.vulncheck.com/advisories/tattile-smart-vega-basic-unauthenticated-rtsp-stream-disclosure	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.