CVE-2026-8598

Vulnerability

Overview

CVE-2026-8598 is an authentication bypass vulnerability affecting ZKTeco CCTV cameras, specifically the SSC335-GC2063-Face-0b77 Solution running firmware versions prior to V5.0.1.2.20260421 [1]. The root cause is an undocumented configuration export port that is accessible on some models without requiring any authentication [1][3]. This port exposes sensitive device information, including a list of open services and camera account credentials [1]. The issue is classified under CWE-288, Authentication Bypass Using an Alternate Path or Channel [1].

Attack

Vector and Exploitation

The vulnerability is exploitable by any attacker who can reach the undocumented port on the network; no authentication is required [1]. The attack surface is limited to devices that have the vulnerable port exposed, which is typically accessible on the local network or, in poorly secured configurations, from the internet. No user interaction or prior access is needed. ZKTeco recommends minimizing network exposure for all control system devices and ensuring they are not accessible from the Internet [1].

Impact

Successful exploitation leads to information disclosure, including the capture of camera account credentials [1]. An attacker who obtains credentials could gain full administrative control over the affected device, potentially allowing them to view camera feeds, modify configuration, or disrupt operations [3]. This represents a significant risk to the confidentiality and integrity of the surveillance system.

Mitigation and

Remediation

ZKTeco has released a patched firmware version V5.0.1.2.20260421 for the SSC335-GC2063-Face-0b77 solution, which fixes this vulnerability [3]. Affected users should update to this latest version immediately via ZKTeco customer support channels [3]. As interim measures, CISA recommends isolating affected devices on secure networks, placing them behind firewalls, and using VPNs for any remote access [1].