CVE-2026-8598 (GCVE-0-2026-8598)
Vulnerability from cvelistv5 – Published: 2026-05-20 14:53 – Updated: 2026-05-20 15:27
VLAI
Title
Unauthenticated Export Service in ZKTeco CCTV Cameras
Summary
An undocumented configuration export port is accessible on some models
of ZKTeco CCTV cameras. This port does not require authentication and
exposes critical information about the camera such as open services and
camera account credentials.
Severity
9.1 (Critical)
CWE
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ZKTeco | SSC335-GC2063-Face-0b77 Solution Camera |
Affected:
0 , < V5.0.1.2.20260421
(custom)
Unaffected: V5.0.1.2.20260421 |
Date Public
2026-05-20 02:02
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T15:27:20.433318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T15:27:49.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SSC335-GC2063-Face-0b77 Solution Camera",
"vendor": "ZKTeco",
"versions": [
{
"lessThan": "V5.0.1.2.20260421",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "V5.0.1.2.20260421"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Souvik Kandar reported this vulnerability to CISA."
}
],
"datePublic": "2026-05-20T02:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An undocumented configuration export port is accessible on some models \nof ZKTeco CCTV cameras. This port does not require authentication and \nexposes critical information about the camera such as open services and \ncamera account credentials."
}
],
"value": "An undocumented configuration export port is accessible on some models \nof ZKTeco CCTV cameras. This port does not require authentication and \nexposes critical information about the camera such as open services and \ncamera account credentials."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T14:53:48.861Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zkteco.com/en/announcement/23"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-04"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-04.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ZKTeco has patched this vulnerability in firmware version V5.0.1.2.20260421. ZKTeco recommends that users upgrade to firmware version V5.0.1.2.20260421 or later at their earliest opportunity."
}
],
"value": "ZKTeco has patched this vulnerability in firmware version V5.0.1.2.20260421. ZKTeco recommends that users upgrade to firmware version V5.0.1.2.20260421 or later at their earliest opportunity."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please see the security advisory from ZKTeco here: https://www.zkteco.com/en/announcement/23 for further information.\u003cbr\u003e\u003ca href=\"https://www.zkteco.com/en/announcement/23\"\u003ehttps://www.zkteco.com/en/announcement/23\u003c/a\u003e"
}
],
"value": "Please see the security advisory from ZKTeco here: https://www.zkteco.com/en/announcement/23 for further information.\n https://www.zkteco.com/en/announcement/23"
}
],
"source": {
"advisory": "ICSA-26-139-04",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Export Service in ZKTeco CCTV Cameras",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-8598",
"datePublished": "2026-05-20T14:53:48.861Z",
"dateReserved": "2026-05-14T14:10:56.160Z",
"dateUpdated": "2026-05-20T15:27:49.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-8598",
"date": "2026-05-30",
"epss": "0.0008",
"percentile": "0.23653"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-8598\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2026-05-20T16:16:27.707\",\"lastModified\":\"2026-05-20T17:30:40.450\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An undocumented configuration export port is accessible on some models \\nof ZKTeco CCTV cameras. This port does not require authentication and \\nexposes critical information about the camera such as open services and \\ncamera account credentials.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-288\"}]}],\"references\":[{\"url\":\"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-04.json\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-04\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.zkteco.com/en/announcement/23\",\"source\":\"ics-cert@hq.dhs.gov\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-8598\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-20T15:27:20.433318Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-20T15:27:45.714Z\"}}], \"cna\": {\"title\": \"Unauthenticated Export Service in ZKTeco CCTV Cameras\", \"source\": {\"advisory\": \"ICSA-26-139-04\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Souvik Kandar reported this vulnerability to CISA.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ZKTeco\", \"product\": \"SSC335-GC2063-Face-0b77 Solution Camera\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.0.1.2.20260421\", \"versionType\": \"custom\"}, {\"status\": \"unaffected\", \"version\": \"V5.0.1.2.20260421\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"ZKTeco has patched this vulnerability in firmware version V5.0.1.2.20260421. ZKTeco recommends that users upgrade to firmware version V5.0.1.2.20260421 or later at their earliest opportunity.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"ZKTeco has patched this vulnerability in firmware version V5.0.1.2.20260421. ZKTeco recommends that users upgrade to firmware version V5.0.1.2.20260421 or later at their earliest opportunity.\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"Please see the security advisory from ZKTeco here: https://www.zkteco.com/en/announcement/23 for further information.\\n https://www.zkteco.com/en/announcement/23\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Please see the security advisory from ZKTeco here: https://www.zkteco.com/en/announcement/23 for further information.\u003cbr\u003e\u003ca href=\\\"https://www.zkteco.com/en/announcement/23\\\"\u003ehttps://www.zkteco.com/en/announcement/23\u003c/a\u003e\", \"base64\": false}]}], \"datePublic\": \"2026-05-20T02:02:00.000Z\", \"references\": [{\"url\": \"https://www.zkteco.com/en/announcement/23\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-04\"}, {\"url\": \"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-04.json\"}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.2\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An undocumented configuration export port is accessible on some models \\nof ZKTeco CCTV cameras. This port does not require authentication and \\nexposes critical information about the camera such as open services and \\ncamera account credentials.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An undocumented configuration export port is accessible on some models \\nof ZKTeco CCTV cameras. This port does not require authentication and \\nexposes critical information about the camera such as open services and \\ncamera account credentials.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-288\", \"description\": \"CWE-288\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2026-05-20T14:53:48.861Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-8598\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-20T15:27:49.460Z\", \"dateReserved\": \"2026-05-14T14:10:56.160Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2026-05-20T14:53:48.861Z\", \"assignerShortName\": \"icscert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…