CVE-2026-8598
9.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ZKTeco | SSC335-GC2063-Face-0b77 Solution Camera | 0 < V5.0.1.2.20260421 | affected |
| ZKTeco | SSC335-GC2063-Face-0b77 Solution Camera | V5.0.1.2.20260421 | unaffected |
Weaknesses
- CWE-288: CWE-288
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.zkteco.com/en/announcement/23
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-04
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-04.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.