Volerion logoVolerion
Volerion logoVolerion

Tattile Cameras Unauthenticated RTSP Stream Access Vulnerability

Vulnerability

A vulnerability exists in Tattile Smart+, Vega, and Basic device families, all firmware versions through 1.181.5, allowing unauthorized access to RTSP streams. This flaw enables remote attackers to connect to the RTSP service and access live video and audio feeds without authentication, leading to unauthorized disclosure of surveillance data.

Impact

Exploitation of this vulnerability allows for unauthorized access to live video and audio streams, resulting in the unauthorized disclosure of surveillance data.

Reproduction

The vulnerability can be reproduced by connecting to the RTSP service of the affected Tattile devices. No authentication is required, allowing immediate access to the live video and audio streams.

Remediation

Tattile has acknowledged the vulnerability and plans to release a patch in May 2026. Users are advised to check for the latest firmware updates at that time.

Added: Feb 24, 2026, 8:32 PM
Updated: Feb 24, 2026, 9:58 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
2.5
exploitability
8.7
remediation
0.0
relevance
3.1
threat
6.4
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.