Tattile Device Families Default Credentials Vulnerability

A vulnerability exists in Tattile Smart+, Vega, and Basic device families with firmware versions through 1.181.5. These devices are shipped with default credentials that are not required to be changed during installation or commissioning. An attacker with access to the management interface can use the default credentials to gain administrative access, allowing unauthorized modification of device configurations and access to sensitive data.

Impact

Exploitation of this vulnerability allows for unauthorized administrative access to the affected devices, enabling attackers to manipulate device settings and access confidential information.

Remediation

Tattile has acknowledged this vulnerability and plans to release a patch in May 2026. Users should contact Tattile for guidance on updating to the latest firmware version once it is available.