CVE 9.1 CRITICAL

Unauthenticated Export Service in ZKTeco CCTV Cameras_CVE-2026-8598

May 20, 2026 invoker category_cve
9.1 / 10
CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

An undocumented configuration export port is accessible on some models
of ZKTeco CCTV cameras. This port does not require authentication and
exposes critical information about the camera such as open services and
camera account credentials.

AI Analysis

Unauthenticated access to an undocumented configuration export port in ZKTeco CCTV cameras, exposing critical information such as open services and camera account credentials.

Basic Information

ID CVE-2026-8598
Source icscert
Published May 20, 2026 at 14:53

Affected Product

Vendor ZKTeco
Product SSC335-GC2063-Face-0b77 Solution Camera
Affected Versions ZKTeco SSC335-GC2063-Face-0b77 Solution Camera 0

CWE Classification

CWE-288

AI Assessment

AI Score 9.1 / 10
AI Severity Critical
Vendor ZKTeco
Product SSC335-GC2063-Face-0b77 Solution Camera

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.