Sign In
Advisories

Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials

Go Back
severity
critical
date
Affecting

  • Smart+ <= 1.181.5

  • Tolling+ <= 1.181.5

  • Smart+ Speed <= 1.181.5

  • Smart+ Traffic Light <= 1.181.5

  • Axle Counter <= 1.181.5

  • Vega53 <= 1.181.5

  • Vega33 <= 1.181.5

  • Vega11 <= 1.181.5

  • Basic MK2 <= 1.181.5

  • ANPR Mobile <= 1.181.5

CWE
  • CWE-1392 Use of Default Credentials
CVSS
9.3
CVSS V4 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Credit
Gjoko Krstic of Zero Science Lab
Description
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.
  • Vulnerability Prioritization
    Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
  • Early Warning System
    Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.
Schedule a Demo