Description
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data.
Published: 2026-02-24
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Persistent Unauthorized Access via unused session tokens
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an authentication token (X-User-Token) with insufficient expiration, implemented in firmware versions 1.181.5 and earlier of the Tattile Smart+, Vega, and Basic device families. A token, once issued, can be reused until it is manually revoked, so an attacker who obtains a valid token (by intercepting traffic, reading logs, or reusing a token on a shared system) can authenticate to the device's management interface indefinitely. The flaw amounts to a failure to properly enforce session token expiration (CWE-613) and enables sustained unauthorized access to device functions and data.

Affected Systems

Affected vendors and products are Tattile s.r.l.’s Smart+, Vega, Basic MK2, ANPR Mobile, Axle Counter, Smart+ Speed, Smart+ Traffic Light, Tolling+, Vega11, Vega33, and Vega53. Firmware versions 1.181.5 and earlier in all these devices are vulnerable.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity with potential impact on confidentiality, integrity, and availability. The EPSS score is reported as less than 1%, suggesting that exploitation is currently rare but possible. This vulnerability is not listed in the CISA KEV catalog, so no publicly known active exploits have been reported. An attacker would typically need to capture or otherwise acquire a valid token (possible through network sniffing, log file access, or token reuse on a shared machine) and then use that token to continue authenticating to management services. Because the token persists until explicit revocation, the attack can be sustained over an extended period without further interaction, raising the risk to operational continuity.

Generated by OpenCVE AI on April 16, 2026 at 16:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device firmware to version 1.181.6 or later, which introduces proper session token expiration and a revocation mechanism.
  • Limit management interface access to a restricted set of trusted IP addresses or subnets using firewall or access control lists.
  • Audit and secure storage of authentication tokens and log files to prevent leakage; enforce secure deletion of token materials after logout, and rotate tokens regularly.
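The expiration-and-revocation check the recommendations call for, as an added example that is not Tattile's firmware code. It assumes a server-side session table keyed by the X-User-Token value and uses illustrative lifetimes; the legacy_is_valid method reproduces the accept-until-revoked behaviour the advisory describes, beside the hardened is_valid check.

```python
import secrets
from dataclasses import dataclass

# Illustrative policy values (assumed, not vendor settings).
ABSOLUTE_LIFETIME_S = 8 * 3600  # hard cap: re-authenticate at least every 8 h
IDLE_TIMEOUT_S = 15 * 60        # idle cap: token dies after 15 min without use


@dataclass
class Session:
    issued_at: float
    last_seen: float
    revoked: bool = False


class TokenStore:
    """Server-side table of issued X-User-Token values (assumed design)."""
    def __init__(self) -> None:
        self._sessions: dict[str, Session] = {}

    def issue(self, now: float) -> str:
        token = secrets.token_urlsafe(32)  # 256 random bits, unguessable
        self._sessions[token] = Session(issued_at=now, last_seen=now)
        return token

    def revoke(self, token: str) -> None:
        if token in self._sessions:
            self._sessions[token].revoked = True

    def legacy_is_valid(self, token: str) -> bool:
        """The CWE-613 pattern: an issued, unrevoked token is accepted forever."""
        s = self._sessions.get(token)
        return s is not None and not s.revoked

    def is_valid(self, token: str, now: float) -> bool:
        """Hardened check: existence, revocation, absolute lifetime, idle timeout."""
        s = self._sessions.get(token)
        if s is None or s.revoked:
            return False
        if now - s.issued_at > ABSOLUTE_LIFETIME_S or now - s.last_seen > IDLE_TIMEOUT_S:
            del self._sessions[token]  # expired: drop it so the value cannot be reused
            return False
        s.last_seen = now  # sliding idle window, bounded by the absolute cap
        return True


def authenticate(store: TokenStore, headers: dict[str, str], now: float) -> bool:
    """Gate a management request on its X-User-Token header."""
    return store.is_valid(headers.get("X-User-Token", ""), now)
```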

Advisories

No advisories yet.

History

Thu, 05 Mar 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Iptime
Iptime smart Firmware
CPEs cpe:2.3:o:iptime:smart_firmware:*:*:*:*:*:*:*:*
Vendors & Products Iptime
Iptime smart Firmware

Fri, 27 Feb 2026 03:15:00 +0000

Type Values Removed Values Added
First Time appeared Tattile anpr Mobile Firmware
Tattile axle Counter Firmware
Tattile basic Mk2 Firmware
Tattile smart\+
Tattile smart\+ Firmware
Tattile smart\+ Speed
Tattile smart\+ Speed Firmware
Tattile smart\+ Traffic Light
Tattile smart\+ Traffic Light Firmware
Tattile tolling\+
Tattile tolling\+ Firmware
Tattile vega11 Firmware
Tattile vega33 Firmware
Tattile vega53 Firmware
CPEs cpe:2.3:h:tattile:anpr_mobile:-:*:*:*:*:*:*:*
cpe:2.3:h:tattile:axle_counter:-:*:*:*:*:*:*:*
cpe:2.3:h:tattile:basic_mk2:-:*:*:*:*:*:*:*
cpe:2.3:h:tattile:smart\+:-:*:*:*:*:*:*:*
cpe:2.3:h:tattile:smart\+_speed:-:*:*:*:*:*:*:*
cpe:2.3:h:tattile:smart\+_traffic_light:-:*:*:*:*:*:*:*
cpe:2.3:h:tattile:tolling\+:-:*:*:*:*:*:*:*
cpe:2.3:h:tattile:vega11:-:*:*:*:*:*:*:*
cpe:2.3:h:tattile:vega33:-:*:*:*:*:*:*:*
cpe:2.3:h:tattile:vega53:-:*:*:*:*:*:*:*
cpe:2.3:o:tattile:anpr_mobile_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tattile:axle_counter_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tattile:basic_mk2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tattile:smart\+_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tattile:smart\+_speed_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tattile:smart\+_traffic_light_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tattile:tolling\+_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tattile:vega11_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tattile:vega33_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tattile:vega53_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tattile anpr Mobile Firmware
Tattile axle Counter Firmware
Tattile basic Mk2 Firmware
Tattile smart\+
Tattile smart\+ Firmware
Tattile smart\+ Speed
Tattile smart\+ Speed Firmware
Tattile smart\+ Traffic Light
Tattile smart\+ Traffic Light Firmware
Tattile tolling\+
Tattile tolling\+ Firmware
Tattile vega11 Firmware
Tattile vega33 Firmware
Tattile vega53 Firmware
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Thu, 26 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 25 Feb 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Tattile
Tattile anpr Mobile
Tattile axle Counter
Tattile basic Mk2
Tattile smart+
Tattile smart+ Speed
Tattile smart+ Traffic Light
Tattile tolling+
Tattile vega11
Tattile vega33
Tattile vega53
Vendors & Products Tattile
Tattile anpr Mobile
Tattile axle Counter
Tattile basic Mk2
Tattile smart+
Tattile smart+ Speed
Tattile smart+ Traffic Light
Tattile tolling+
Tattile vega11
Tattile vega33
Tattile vega53

Tue, 24 Feb 2026 19:30:00 +0000

Type Values Removed Values Added
Description Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data.
Title Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration
Weaknesses CWE-613
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-05T01:31:07.547Z

Reserved: 2026-02-13T17:28:43.054Z

Link: CVE-2026-26342

Vulnrichment

Updated: 2026-02-26T19:57:38.964Z

NVD

Status : Analyzed

Published: 2026-02-24T20:27:48.310

Modified: 2026-02-27T03:10:51.703

Link: CVE-2026-26342

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T16:30:15Z

Weaknesses