CVE-2026-26340 - Vulnerability Details

- Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticated RTSP Stream Disclosure

Description

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of surveillance data.

Published: 2026-02-24

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The firmware of Tattile Smart+, Vega, and Basic device families up to version 1.181.5 exposes the Real Time Streaming Protocol (RTSP) service without any authentication. This flaw allows an attacker to connect to the RTSP endpoint and retrieve live video and audio streams, causing a direct breach of surveillance data confidentiality. The weakness is a Missing Authentication for Sensitive Function (CWE‑306).

Affected Systems

Vendors affected are Tattile s.r.l. products including ANPR Mobile, Axle Counter, Basic MK2, Smart+, Smart+ Speed, Smart+ Traffic Light, Tolling+, Vega11, Vega33, and Vega53. Firmware versions 1.181.5 and all earlier releases are vulnerable; newer firmware releases are not impacted.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.7, indicating high severity, while the EPSS score is below 1%, suggesting a low but non‑zero exploitation probability. It is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is a remote network attacker able to reach the device’s RTSP service; full exploitation requires only network access to the default RTSP ports, and no additional credentials are needed.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Tattile s.r.l.

Smart+

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Tattile s.r.l.

Tolling+

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Tattile s.r.l.

Smart+ Speed

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Tattile s.r.l.

Smart+ Traffic Light

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Tattile s.r.l.

Axle Counter

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Tattile s.r.l.

Vega53

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Tattile s.r.l.

Vega33

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Tattile s.r.l.

Vega11

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Tattile s.r.l.

Basic MK2

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Tattile s.r.l.

ANPR Mobile

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Configuration 1 [-]

AND

cpe:2.3:o:tattile:smart\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:smart\+:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:tattile:tolling\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:tolling\+:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:tattile:smart\+_speed_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:smart\+_speed:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:tattile:smart\+_traffic_light_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:smart\+_traffic_light:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:tattile:axle_counter_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:axle_counter:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:tattile:vega53_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:vega53:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:tattile:vega33_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:vega33:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:tattile:vega11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:vega11:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:tattile:basic_mk2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:basic_mk2:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:tattile:anpr_mobile_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:anpr_mobile:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Tattile

Anpr Mobile

100%

Version	Status	Scheme	Platform
`[0,1.181.5]`	affected	semver	—

Tattile

Axle Counter

100%

Version	Status	Scheme	Platform
`[0,1.181.5]`	affected	semver	—

Tattile

Basic Mk2

100%

Version	Status	Scheme	Platform
`[0,1.181.5]`	affected	semver	—

Tattile

Smart+

100%

Version	Status	Scheme	Platform
`[0,1.181.5]`	affected	semver	—

Tattile

Smart+ Speed

100%

Version	Status	Scheme	Platform
`[0,1.181.5]`	affected	semver	—

Tattile

Smart+ Traffic Light

100%

Version	Status	Scheme	Platform
`[0,1.181.5]`	affected	semver	—

Tattile

Tolling+

100%

Version	Status	Scheme	Platform
`[0,1.181.5]`	affected	semver	—

Tattile

Vega11

100%

Version	Status	Scheme	Platform
`[0,1.181.5]`	affected	semver	—

Tattile

Vega33

100%

Version	Status	Scheme	Platform
`[0,1.181.5]`	affected	semver	—

Tattile

Vega53

100%

Version	Status	Scheme	Platform
`[0,1.181.5]`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest firmware upgrade from Tattile that removes unauthenticated RTSP support or adds mandatory authentication
If an upgrade is not immediately available, restrict the RTSP service by applying firewall rules to block inbound access on the RTSP ports from untrusted networks
Configure any available authentication or encryption settings on the RTSP service to enforce credential checks

Generated by OpenCVE AI on April 16, 2026 at 16:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00836.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://www.tattile.com/
https://www.vulncheck.com/advisories/tattile-smart-vega-basic-unauthenticated-rtsp-stream-disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5978.php

History

Thu, 05 Mar 2026 02:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Iptime Iptime smart Firmware
CPEs		cpe:2.3:o:iptime:smart_firmware::::::::
Vendors & Products		Iptime Iptime smart Firmware

Thu, 26 Feb 2026 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tattile anpr Mobile Firmware Tattile axle Counter Firmware Tattile basic Mk2 Firmware Tattile smart\+ Tattile smart\+ Firmware Tattile smart\+ Speed Tattile smart\+ Speed Firmware Tattile smart\+ Traffic Light Tattile smart\+ Traffic Light Firmware Tattile tolling\+ Tattile tolling\+ Firmware Tattile vega11 Firmware Tattile vega33 Firmware Tattile vega53 Firmware
CPEs		cpe:2.3:h:tattile:anpr_mobile:-:::::::* cpe:2.3:h:tattile:axle_counter:-:::::::* cpe:2.3:h:tattile:basic_mk2:-:::::::* cpe:2.3:h:tattile:smart\+:-:::::::* cpe:2.3:h:tattile:smart\+_speed:-:::::::* cpe:2.3:h:tattile:smart\+_traffic_light:-:::::::* cpe:2.3:h:tattile:tolling\+:-:::::::* cpe:2.3:h:tattile:vega11:-:::::::* cpe:2.3:h:tattile:vega33:-:::::::* cpe:2.3:h:tattile:vega53:-:::::::* cpe:2.3:o:tattile:anpr_mobile_firmware:::::::: cpe:2.3:o:tattile:axle_counter_firmware:::::::: cpe:2.3:o:tattile:basic_mk2_firmware:::::::: cpe:2.3:o:tattile:smart\+_firmware:::::::: cpe:2.3:o:tattile:smart\+_speed_firmware:::::::: cpe:2.3:o:tattile:smart\+_traffic_light_firmware:::::::: cpe:2.3:o:tattile:tolling\+_firmware:::::::: cpe:2.3:o:tattile:vega11_firmware:::::::: cpe:2.3:o:tattile:vega33_firmware:::::::: cpe:2.3:o:tattile:vega53_firmware::::::::
Vendors & Products		Tattile anpr Mobile Firmware Tattile axle Counter Firmware Tattile basic Mk2 Firmware Tattile smart\+ Tattile smart\+ Firmware Tattile smart\+ Speed Tattile smart\+ Speed Firmware Tattile smart\+ Traffic Light Tattile smart\+ Traffic Light Firmware Tattile tolling\+ Tattile tolling\+ Firmware Tattile vega11 Firmware Tattile vega33 Firmware Tattile vega53 Firmware
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

Wed, 25 Feb 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tattile Tattile anpr Mobile Tattile axle Counter Tattile basic Mk2 Tattile smart+ Tattile smart+ Speed Tattile smart+ Traffic Light Tattile tolling+ Tattile vega11 Tattile vega33 Tattile vega53
Vendors & Products		Tattile Tattile anpr Mobile Tattile axle Counter Tattile basic Mk2 Tattile smart+ Tattile smart+ Speed Tattile smart+ Traffic Light Tattile tolling+ Tattile vega11 Tattile vega33 Tattile vega53

Tue, 24 Feb 2026 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 24 Feb 2026 19:30:00 +0000

Type	Values Removed	Values Added
Description		Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of surveillance data.
Title		Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticated RTSP Stream Disclosure
Weaknesses		CWE-306
References		https://www.tattile.com/ https://www.vulncheck.com/advisories/tattile-smart-vega-basic-unauthenticated-rtsp-stream-disclosure https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5978.php
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

Subscriptions

Iptime Smart Firmware

Tattile Anpr Mobile Anpr Mobile Firmware Axle Counter Axle Counter Firmware Basic Mk2 Basic Mk2 Firmware Smart+ Smart+ Speed Smart+ Traffic Light Smart\+ Smart\+ Firmware Smart\+ Speed Smart\+ Speed Firmware Smart\+ Traffic Light Smart\+ Traffic Light Firmware Tolling+ Tolling\+ Tolling\+ Firmware Vega11 Vega11 Firmware Vega33 Vega33 Firmware Vega53 Vega53 Firmware

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-02-24T18:40:35.393Z

Updated: 2026-03-05T01:31:05.967Z

Reserved: 2026-02-13T17:28:43.053Z

Link: CVE-2026-26340

Vulnrichment

Updated: 2026-02-24T21:34:01.926Z

NVD

Status : Analyzed

Published: 2026-02-24T20:27:47.793

Modified: 2026-02-26T17:38:44.440

Link: CVE-2026-26340

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T16:30:15Z

Weaknesses

CWE-306

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object