Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Axle Counter

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2026-26342
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-Not Assigned
Published-24 Feb, 2026 | 18:41
Updated-24 Feb, 2026 | 21:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data.

Action-Not Available
Vendor-Tattile s.r.l.
Product-Vega53Basic MK2ANPR MobileSmart+ SpeedVega11Vega33Smart+Tolling+Axle CounterSmart+ Traffic Light
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-26341
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-Not Assigned
Published-24 Feb, 2026 | 18:40
Updated-24 Feb, 2026 | 21:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.

Action-Not Available
Vendor-Tattile s.r.l.
Product-Vega53Basic MK2ANPR MobileSmart+ SpeedVega11Vega33Smart+Tolling+Axle CounterSmart+ Traffic Light
CWE ID-CWE-1392
Use of Default Credentials
CVE-2026-26340
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-Not Assigned
Published-24 Feb, 2026 | 18:40
Updated-24 Feb, 2026 | 21:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticated RTSP Stream Disclosure

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of surveillance data.

Action-Not Available
Vendor-Tattile s.r.l.
Product-Vega53Basic MK2ANPR MobileSmart+ SpeedVega11Vega33Smart+Tolling+Axle CounterSmart+ Traffic Light
CWE ID-CWE-306
Missing Authentication for Critical Function