ZKTeco — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/vendors/zkteco/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 19 May 2026 16:16:31 +0000ZKTeco CCTV Authentication Bypass Vulnerabilityhttps://feed.craftedsignal.io/briefs/2026-05-zkteco-cctv-auth-bypass/Tue, 19 May 2026 16:16:31 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-zkteco-cctv-auth-bypass/ZKTeco CCTV cameras are vulnerable to authentication bypass due to an undocumented configuration export port that does not require authentication and exposes critical information about the camera, such as open services and account credentials, as tracked by CVE-2026-8598.An authentication bypass vulnerability exists in ZKTeco CCTV cameras, specifically affecting the SSC335-GC2063-Face-0b77 Solution versions prior to V5.0.1.2.20260421. CVE-2026-8598 describes how an undocumented configuration export port is accessible without authentication, which exposes critical information, including camera account credentials and open services. Successful exploitation of this vulnerability allows unauthorized access to sensitive camera data. This vulnerability was reported to CISA by Souvik Kandar. ZKTeco released a patch in firmware version V5.0.1.2.20260421.

Attack Chain

  1. Attacker identifies a vulnerable ZKTeco CCTV camera exposed on a network.
  2. Attacker sends a request to the undocumented configuration export port.
  3. The camera responds with a configuration file without requiring authentication.
  4. Attacker parses the configuration file.
  5. Attacker extracts sensitive information, including camera account credentials, from the configuration file.
  6. Attacker uses the obtained credentials to access the camera’s management interface.
  7. Attacker gains unauthorized access to live video feeds and camera settings.

Impact

Successful exploitation of CVE-2026-8598 can lead to unauthorized access to sensitive video and audio data. This may result in privacy violations, intellectual property theft, or facilitate further malicious activities, such as physical intrusions. The vulnerability affects ZKTeco CCTV cameras deployed worldwide, including in commercial facilities.

Recommendation

  • Upgrade ZKTeco CCTV cameras to firmware version V5.0.1.2.20260421 or later to remediate CVE-2026-8598.
  • Use the IOC URL https://www.zkteco.com/en/announcement/23 to monitor for updates and further information from ZKTeco.
  • Enable network monitoring to detect suspicious connections to undocumented ports on ZKTeco cameras and deploy the Sigma rule to detect connections to common ports used by these devices.
]]>criticaladvisorycveauthentication-bypassinformation-disclosure