CVE-2026-8598

Summary

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials.

Affected Software

VendorProductVersion RangeStatus
ZKTecoSSC335-GC2063-Face-0b77 Solution Camera0 < V5.0.1.2.20260421affected
ZKTecoSSC335-GC2063-Face-0b77 Solution CameraV5.0.1.2.20260421unaffected

Weaknesses

  • CWE-288: CWE-288

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References