{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/zkteco-ssc335-gc2063-face-0b77-solution/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["ZKTeco CCTV Cameras","ZKTeco SSC335-GC2063-Face-0b77 Solution"],"_cs_severities":["critical"],"_cs_tags":["cve","authentication-bypass","information-disclosure"],"_cs_type":"advisory","_cs_vendors":["ZKTeco"],"content_html":"\u003cp\u003eAn authentication bypass vulnerability exists in ZKTeco CCTV cameras, specifically affecting the SSC335-GC2063-Face-0b77 Solution versions prior to V5.0.1.2.20260421. CVE-2026-8598 describes how an undocumented configuration export port is accessible without authentication, which exposes critical information, including camera account credentials and open services. Successful exploitation of this vulnerability allows unauthorized access to sensitive camera data. This vulnerability was reported to CISA by Souvik Kandar. ZKTeco released a patch in firmware version V5.0.1.2.20260421.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable ZKTeco CCTV camera exposed on a network.\u003c/li\u003e\n\u003cli\u003eAttacker sends a request to the undocumented configuration export port.\u003c/li\u003e\n\u003cli\u003eThe camera responds with a configuration file without requiring authentication.\u003c/li\u003e\n\u003cli\u003eAttacker parses the configuration file.\u003c/li\u003e\n\u003cli\u003eAttacker extracts sensitive information, including camera account credentials, from the configuration file.\u003c/li\u003e\n\u003cli\u003eAttacker uses the obtained credentials to access the camera\u0026rsquo;s management interface.\u003c/li\u003e\n\u003cli\u003eAttacker gains unauthorized access to live video feeds and camera settings.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-8598 can lead to unauthorized access to sensitive video and audio data. This may result in privacy violations, intellectual property theft, or facilitate further malicious activities, such as physical intrusions. The vulnerability affects ZKTeco CCTV cameras deployed worldwide, including in commercial facilities.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade ZKTeco CCTV cameras to firmware version V5.0.1.2.20260421 or later to remediate CVE-2026-8598.\u003c/li\u003e\n\u003cli\u003eUse the IOC URL \u003ccode\u003ehttps://www.zkteco.com/en/announcement/23\u003c/code\u003e to monitor for updates and further information from ZKTeco.\u003c/li\u003e\n\u003cli\u003eEnable network monitoring to detect suspicious connections to undocumented ports on ZKTeco cameras and deploy the Sigma rule to detect connections to common ports used by these devices.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-19T16:16:31Z","date_published":"2026-05-19T16:16:31Z","id":"https://feed.craftedsignal.io/briefs/2026-05-zkteco-cctv-auth-bypass/","summary":"ZKTeco CCTV cameras are vulnerable to authentication bypass due to an undocumented configuration export port that does not require authentication and exposes critical information about the camera, such as open services and account credentials, as tracked by CVE-2026-8598.","title":"ZKTeco CCTV Authentication Bypass Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-zkteco-cctv-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — ZKTeco SSC335-GC2063-Face-0b77 Solution","version":"https://jsonfeed.org/version/1.1"}