Description
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of surveillance data.
Published:
2026-02-24
Score:
8.7 High
EPSS:
< 1% Very Low
KEV:
No
Impact:
Unauthorized Disclosure of Live Surveillance Streams
Action:
Immediate Patch
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Tattile s.r.l. | Smart+ | unaffected |
|
||||||
| Tattile s.r.l. | Tolling+ | unaffected |
|
||||||
| Tattile s.r.l. | Smart+ Speed | unaffected |
|
||||||
| Tattile s.r.l. | Smart+ Traffic Light | unaffected |
|
||||||
| Tattile s.r.l. | Axle Counter | unaffected |
|
||||||
| Tattile s.r.l. | Vega53 | unaffected |
|
||||||
| Tattile s.r.l. | Vega33 | unaffected |
|
||||||
| Tattile s.r.l. | Vega11 | unaffected |
|
||||||
| Tattile s.r.l. | Basic MK2 | unaffected |
|
||||||
| Tattile s.r.l. | ANPR Mobile | unaffected |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
Configuration 3 [-]
| AND |
|
Configuration 4 [-]
| AND |
|
Configuration 5 [-]
| AND |
|
Configuration 6 [-]
| AND |
|
Configuration 7 [-]
| AND |
|
Configuration 8 [-]
| AND |
|
Configuration 9 [-]
| AND |
|
Configuration 10 [-]
| AND |
|
No data.
| Vendor | Product | Confidence | Versions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Tattile | Anpr Mobile | 100% |
|
||||||||
| Tattile | Axle Counter | 100% |
|
||||||||
| Tattile | Basic Mk2 | 100% |
|
||||||||
| Tattile | Smart+ | 100% |
|
||||||||
| Tattile | Smart+ Speed | 100% |
|
||||||||
| Tattile | Smart+ Traffic Light | 100% |
|
||||||||
| Tattile | Tolling+ | 100% |
|
||||||||
| Tattile | Vega11 | 100% |
|
||||||||
| Tattile | Vega33 | 100% |
|
||||||||
| Tattile | Vega53 | 100% |
|
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Thu, 05 Mar 2026 02:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Iptime
Iptime smart Firmware |
|
| CPEs | cpe:2.3:o:iptime:smart_firmware:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Iptime
Iptime smart Firmware |
Thu, 26 Feb 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Tattile anpr Mobile Firmware
Tattile axle Counter Firmware Tattile basic Mk2 Firmware Tattile smart\+ Tattile smart\+ Firmware Tattile smart\+ Speed Tattile smart\+ Speed Firmware Tattile smart\+ Traffic Light Tattile smart\+ Traffic Light Firmware Tattile tolling\+ Tattile tolling\+ Firmware Tattile vega11 Firmware Tattile vega33 Firmware Tattile vega53 Firmware |
|
| CPEs | cpe:2.3:h:tattile:anpr_mobile:-:*:*:*:*:*:*:* cpe:2.3:h:tattile:axle_counter:-:*:*:*:*:*:*:* cpe:2.3:h:tattile:basic_mk2:-:*:*:*:*:*:*:* cpe:2.3:h:tattile:smart\+:-:*:*:*:*:*:*:* cpe:2.3:h:tattile:smart\+_speed:-:*:*:*:*:*:*:* cpe:2.3:h:tattile:smart\+_traffic_light:-:*:*:*:*:*:*:* cpe:2.3:h:tattile:tolling\+:-:*:*:*:*:*:*:* cpe:2.3:h:tattile:vega11:-:*:*:*:*:*:*:* cpe:2.3:h:tattile:vega33:-:*:*:*:*:*:*:* cpe:2.3:h:tattile:vega53:-:*:*:*:*:*:*:* cpe:2.3:o:tattile:anpr_mobile_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tattile:axle_counter_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tattile:basic_mk2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tattile:smart\+_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tattile:smart\+_speed_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tattile:smart\+_traffic_light_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tattile:tolling\+_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tattile:vega11_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tattile:vega33_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tattile:vega53_firmware:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Tattile anpr Mobile Firmware
Tattile axle Counter Firmware Tattile basic Mk2 Firmware Tattile smart\+ Tattile smart\+ Firmware Tattile smart\+ Speed Tattile smart\+ Speed Firmware Tattile smart\+ Traffic Light Tattile smart\+ Traffic Light Firmware Tattile tolling\+ Tattile tolling\+ Firmware Tattile vega11 Firmware Tattile vega33 Firmware Tattile vega53 Firmware |
|
| Metrics |
cvssV3_1
|
Wed, 25 Feb 2026 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Tattile
Tattile anpr Mobile Tattile axle Counter Tattile basic Mk2 Tattile smart+ Tattile smart+ Speed Tattile smart+ Traffic Light Tattile tolling+ Tattile vega11 Tattile vega33 Tattile vega53 |
|
| Vendors & Products |
Tattile
Tattile anpr Mobile Tattile axle Counter Tattile basic Mk2 Tattile smart+ Tattile smart+ Speed Tattile smart+ Traffic Light Tattile tolling+ Tattile vega11 Tattile vega33 Tattile vega53 |
Tue, 24 Feb 2026 22:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 24 Feb 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of surveillance data. | |
| Title | Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticated RTSP Stream Disclosure | |
| Weaknesses | CWE-306 | |
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
Iptime
Subscribe
Smart Firmware
Subscribe
Tattile
Subscribe
Anpr Mobile
Subscribe
Anpr Mobile Firmware
Subscribe
Axle Counter
Subscribe
Axle Counter Firmware
Subscribe
Basic Mk2
Subscribe
Basic Mk2 Firmware
Subscribe
Smart+
Subscribe
Smart+ Speed
Subscribe
Smart+ Traffic Light
Subscribe
Smart\+
Subscribe
Smart\+ Firmware
Subscribe
Smart\+ Speed
Subscribe
Smart\+ Speed Firmware
Subscribe
Smart\+ Traffic Light
Subscribe
Smart\+ Traffic Light Firmware
Subscribe
Tolling+
Subscribe
Tolling\+
Subscribe
Tolling\+ Firmware
Subscribe
Vega11
Subscribe
Vega11 Firmware
Subscribe
Vega33
Subscribe
Vega33 Firmware
Subscribe
Vega53
Subscribe
Vega53 Firmware
Subscribe
MITRE
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-03-05T01:31:05.967Z
Reserved: 2026-02-13T17:28:43.053Z
Link: CVE-2026-26340
Vulnrichment
Updated: 2026-02-24T21:34:01.926Z
NVD
Status : Analyzed
Published: 2026-02-24T20:27:47.793
Modified: 2026-02-26T17:38:44.440
Link: CVE-2026-26340
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-04-16T16:30:15Z
Weaknesses