
Vulnerability · CISA · 15d ago

ZKTeco CCTV Cameras

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-04.json

Summary

Successful exploitation of this vulnerability could result in information disclosure, including capture of camera account credentials.

The following versions of ZKTeco CCTV Cameras are affected:

- SSC335-GC2063-Face-0b77 Solution

| CVSS | Vendor | Equipment | Vulnerabilities |
|------|--------|-----------|-----------------|
| v3 9.1 | ZKTeco | ZKTeco CCTV Cameras | Authentication Bypass Using an Alternate Path or Channel |

Background

- Critical Infrastructure Sectors: Commercial Facilities
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: China

Vulnerabilities

CVE-2026-8598

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2026-8598

Affected Products

ZKTeco CCTV Cameras

- Vendor: ZKTeco
- Product Version: ZKTeco SSC335-GC2063-Face-0b77 Solution: <V5.0.1.2.20260421
- Product Status: known_affected

Remediations

Mitigation: ZKTeco has patched this vulnerability in firmware version V5.0.1.2.20260421. ZKTeco recommends that users upgrade to firmware version V5.0.1.2.20260421 or later at their earliest opportunity.

Mitigation: Please see the security advisory from ZKTeco here: https://www.zkteco.com/en/announcement/23 for further information.

Relevant CWE: CWE-288 Authentication Bypass Using an Alternate Path or Channel (https://cwe.mitre.org/data/definitions/288.html)

Metrics

| CVSS Version | Base Score | Base Severity |
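
The affected-version rule stated under Affected Products (firmware earlier than V5.0.1.2.20260421 on the SSC335-GC2063-Face-0b77 Solution) can be applied to a camera inventory to find devices that still need the update. The following Python is an added example, not code from CISA or ZKTeco; the CSV layout, host names and the assumption that the inventory records the model and firmware strings in this form are hypothetical.

```python
import csv
import io
import re

# Values taken from the advisory text.
FIXED_VERSION = "V5.0.1.2.20260421"
AFFECTED_MODEL = "SSC335-GC2063-Face-0b77"

VERSION_RE = re.compile(r"^[Vv]?(\d+(?:\.\d+)*)$")

def parse_version(text):
    """Return the dotted version as a tuple of ints, or None if unparseable."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))

def classify(model, firmware):
    """Return 'not_applicable', 'affected', 'fixed' or 'unknown'."""
    if AFFECTED_MODEL.lower() not in model.lower():
        return "not_applicable"
    current = parse_version(firmware)
    if current is None:
        return "unknown"  # unrecognised version string: review by hand
    return "affected" if current < parse_version(FIXED_VERSION) else "fixed"

# Constructed sample inventory (hypothetical hosts and layout).
INVENTORY = """\
host,model,firmware
cam-lobby,SSC335-GC2063-Face-0b77,V5.0.1.2.20251103
cam-dock,SSC335-GC2063-Face-0b77,V5.0.1.2.20260421
cam-gate,SSC335-GC2063-Face-0b77,V5.0.2.0.20260510
cam-lab,SSC335-GC2063-Face-0b77,custom-build
cam-roof,OTHER-MODEL-1,V1.2.3
"""

def triage(csv_text):
    """Map each host in the inventory to its status for CVE-2026-8598."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["model"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:10} {status}")
```

Devices reported as `unknown` should be checked manually rather than assumed patched.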


Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-04


Shared on IT-Hub by admin