Home
CRITICAL: 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NDefault status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Description
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.
Problem types
CWE-1392 Use of Default Credentials
Product status
Any version
Any version
Any version
Any version
Any version
Any version
Any version
Any version
Any version
Any version
Credits
Gjoko Krstic of Zero Science Lab
References
www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5977.php
www.tattile.com/
www.vulncheck.com/...le-smart-vega-basic-default-credentials