Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-26341

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-24 Feb, 2026 | 18:40
Updated At-24 Feb, 2026 | 21:33
Rejected At-
Credits

Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:24 Feb, 2026 | 18:40
Updated At:24 Feb, 2026 | 21:33
Rejected At:
▼CVE Numbering Authority (CNA)
Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.

Affected Products
Vendor
Tattile s.r.l.
Product
Smart+
Default Status
unaffected
Versions
Affected
  • From 0 through 1.181.5 (semver)
Vendor
Tattile s.r.l.
Product
Tolling+
Default Status
unaffected
Versions
Affected
  • From 0 through 1.181.5 (semver)
Vendor
Tattile s.r.l.
Product
Smart+ Speed
Default Status
unaffected
Versions
Affected
  • From 0 through 1.181.5 (semver)
Vendor
Tattile s.r.l.
Product
Smart+ Traffic Light
Default Status
unaffected
Versions
Affected
  • From 0 through 1.181.5 (semver)
Vendor
Tattile s.r.l.
Product
Axle Counter
Default Status
unaffected
Versions
Affected
  • From 0 through 1.181.5 (semver)
Vendor
Tattile s.r.l.
Product
Vega53
Default Status
unaffected
Versions
Affected
  • From 0 through 1.181.5 (semver)
Vendor
Tattile s.r.l.
Product
Vega33
Default Status
unaffected
Versions
Affected
  • From 0 through 1.181.5 (semver)
Vendor
Tattile s.r.l.
Product
Vega11
Default Status
unaffected
Versions
Affected
  • From 0 through 1.181.5 (semver)
Vendor
Tattile s.r.l.
Product
Basic MK2
Default Status
unaffected
Versions
Affected
  • From 0 through 1.181.5 (semver)
Vendor
Tattile s.r.l.
Product
ANPR Mobile
Default Status
unaffected
Versions
Affected
  • From 0 through 1.181.5 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-1392CWE-1392 Use of Default Credentials
Type: CWE
CWE ID: CWE-1392
Description: CWE-1392 Use of Default Credentials
Metrics
VersionBase scoreBase severityVector
4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Gjoko Krstic of Zero Science Lab
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5977.php
technical-description
exploit
https://www.tattile.com/
product
https://www.vulncheck.com/advisories/tattile-smart-vega-basic-default-credentials
third-party-advisory
Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5977.php
Resource:
technical-description
exploit
Hyperlink: https://www.tattile.com/
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/tattile-smart-vega-basic-default-credentials
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:24 Feb, 2026 | 20:27
Updated At:24 Feb, 2026 | 21:52

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-1392Primarydisclosure@vulncheck.com
CWE ID: CWE-1392
Type: Primary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.tattile.com/disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/tattile-smart-vega-basic-default-credentialsdisclosure@vulncheck.com
N/A
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5977.phpdisclosure@vulncheck.com
N/A
Hyperlink: https://www.tattile.com/
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/tattile-smart-vega-basic-default-credentials
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5977.php
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

8Records found
CVE-2026-26366
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.04% / 10.85%
||
7 Day CHG-0.04%
Published-15 Feb, 2026 | 15:29
Updated-18 Feb, 2026 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JUNG eNet SMART HOME server 2.2.1/2.3.1 Use of Default Credentials

eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitive smart home configuration and control functions.

Action-Not Available
Vendor-JUNG
Product-eNet SMART HOME server
CWE ID-CWE-1392
Use of Default Credentials
CVE-2021-47707
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.06% / 19.25%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 20:39
Updated-12 Dec, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
COMMAX CVD-Axx DVR Weak Default Credentials Stream Disclosure

COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel.

Action-Not Available
Vendor-COMMAX Co., Ltd.
Product-COMMAX CVD-Axx DVR
CWE ID-CWE-1392
Use of Default Credentials
CVE-2022-50803
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.08% / 22.66%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 22:41
Updated-05 Jan, 2026 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JM-DATA ONU JF511-TV 1.0.67 Default Credentials Vulnerability

JM-DATA ONU JF511-TV version 1.0.67 uses default credentials that allow attackers to gain unauthorized access to the device with administrative privileges.

Action-Not Available
Vendor-JM-DATA ONU
Product-JF511-TV
CWE ID-CWE-1392
Use of Default Credentials
CVE-2025-10678
Matching Score-4
Assigner-CERT.PL
ShareView Details
Matching Score-4
Assigner-CERT.PL
CVSS Score-9.3||CRITICAL
EPSS-0.08% / 23.42%
||
7 Day CHG+0.02%
Published-20 Oct, 2025 | 15:41
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Admin with default credentials in NetBird VPN

NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not changed nor the user was removed. This issue has been fixed in version 0.57.0

Action-Not Available
Vendor-NetBird VPN
Product-NetBird
CWE ID-CWE-1392
Use of Default Credentials
CVE-2024-12286
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.32% / 54.45%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 17:40
Updated-11 Dec, 2024 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MOBATIME Network Master Clock has a use of default credentials vulnerability

MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.

Action-Not Available
Vendor-MOBATIME
Product-Network Master Clock - DTS 4801
CWE ID-CWE-1392
Use of Default Credentials
CVE-2025-34516
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.18% / 39.10%
||
7 Day CHG~0.00%
Published-16 Oct, 2025 | 17:52
Updated-28 Nov, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ilevia EVE X1 Server 4.7.18.0.eden Use of Default Credentials

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

Action-Not Available
Vendor-ileviaIlevia Srl.
Product-eve_x1_servereve_x1_server_firmwareEVE X1 Server
CWE ID-CWE-1392
Use of Default Credentials
CVE-2025-35042
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-9.3||CRITICAL
EPSS-0.13% / 32.91%
||
7 Day CHG-0.08%
Published-22 Sep, 2025 | 15:57
Updated-19 Dec, 2025 | 12:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Airship AI Acropolis default credentials

Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.21, and 11.1.9.

Action-Not Available
Vendor-airship.aiAirship AI
Product-acropolisAcropolis
CWE ID-CWE-1392
Use of Default Credentials
CVE-2018-25147
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.06% / 17.18%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 19:27
Updated-26 Jan, 2026 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microhard Systems IPn4G 1.1.0 Default Credentials Authentication Bypass

Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.

Action-Not Available
Vendor-microhardcorpMicrohard Systems
Product-vip4gb_wifi-n_firmwaredragon-ltebullet-3gipn3gbipn3giibulletplusipn3gii_firmwareipn4giiipn3gb_firmwareipn4gii_firmwaredragon-lte_firmwarebullet-lteipn4gbulletplus_firmwarevip4gbvip4gb_firmwareipn4g_firmwarebullet-3g_firmwarevip4gb_wifi-nipn4gbipn4gb_firmwarebullet-lte_firmwareMicrohard Systems 3G/4G Cellular Ethernet and Serial Gateway Default Credentials
CWE ID-CWE-1392
Use of Default Credentials
Details not found