PT-2026-21788 · Tattile · Tattile Smart++2
Gjoko Krstic
·
Published
2026-02-24
·
Updated
2026-02-26
·
CVE-2026-26340
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Tattile Smart+ versions prior to 1.181.6
Tattile Vega versions prior to 1.181.6
Tattile Basic versions prior to 1.181.6
Description
The firmware on Tattile Smart+, Vega, and Basic device families, versions 1.181.5 and earlier, allows unauthorized access to Real Time Streaming Protocol (RTSP) streams. An attacker can connect to the RTSP service without providing valid credentials and access live video and audio feeds, leading to the disclosure of surveillance data.
Recommendations
Update Tattile Smart+ to a version later than 1.181.5.
Update Tattile Vega to a version later than 1.181.5.
Update Tattile Basic to a version later than 1.181.5.
Exploit
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tattile Basic
Tattile Smart+
Tattile Vega