← voltar
CVE-2026-8598

Unauthenticated Export Service in ZKTeco CCTV Cameras

CVSS 9.1 CRITICALEPSS 0.5%CWE-288
An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Produtos afetados
ZKTeco · SSC335-GC2063-Face-0b77 Solution Camera

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-04.jsonhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-139-04https://www.zkteco.com/en/announcement/23