VYPR

Basic

by Calendarix

CVEs (5)

  • CVE-2026-26341Feb 24, 2026
    risk 0.01cvss epss 0.03

    Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default…

  • CVE-2026-26342Feb 24, 2026
    risk 0.00cvss epss 0.01

    Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared…

  • CVE-2026-26340Feb 24, 2026
    risk 0.00cvss epss 0.01

    Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized…

  • CVE-2008-2429Nov 26, 2008
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php. NOTE: vector 1 might overlap CVE-2007-3183.3, and…

  • CVE-2006-3094Jun 19, 2006
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in Calendarix Basic 0.7.20060401 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) cal_event.php and (2) cal_popup.php.