Unauthenticated Configuration Export in ZKTeco CCTV Cameras

Executive Summary

CVE-2026-8598 is a critical security vulnerability found in some models of ZKTeco CCTV cameras, specifically the SSC335-GC2063-Face model. It involves an undocumented configuration export port that is accessible without authentication. This port exposes sensitive information such as open services on the camera and camera account credentials.

An attacker exploiting this vulnerability can bypass authentication and potentially gain full administrative control over the affected device. Additionally, there is a related flaw in the web management interface that could allow unauthorized users to trigger abnormal upgrades, causing system instability or forced restarts.

The vulnerability affects versions prior to firmware V5.0.1.2.20260421, which contains the fix.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts including unauthorized access to sensitive camera information and credentials, which can lead to full administrative control over the device by an attacker.

Such control could allow attackers to manipulate camera settings, disrupt normal operation by triggering abnormal upgrades, cause system instability, or force device restarts.

Because the vulnerability is exploitable remotely without any authentication or user interaction, it poses a high risk to the confidentiality and integrity of the camera system.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves an undocumented configuration export port on certain ZKTeco CCTV cameras that does not require authentication and exposes sensitive information such as open services and camera account credentials.

To detect this vulnerability on your network or system, you can scan for open ports on the affected ZKTeco camera models, particularly looking for unusual or undocumented ports that may be accessible without authentication.

Common network scanning tools like nmap can be used to identify open ports and services. For example, you might run a command such as:

• nmap -p- --open -sV <camera_ip_address>

This command scans all ports on the target IP address and attempts to identify the service running on each open port. If you find an open port that corresponds to the undocumented configuration export port, it indicates the presence of the vulnerability.

Additionally, attempting to access the configuration export port via a web browser or tools like curl without authentication may confirm exposure of sensitive information.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include updating the affected ZKTeco CCTV cameras to the patched firmware version V5.0.1.2.20260421, which resolves the vulnerability.

If updating firmware is not immediately possible, minimize network exposure of the affected devices by isolating them behind firewalls and restricting access to trusted networks only.

Use secure remote access methods such as VPNs to control access to the cameras and avoid exposing them directly to the internet.

Monitor network traffic for unusual access attempts to the undocumented configuration export port and disable or block this port if possible.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability exposes critical information such as camera account credentials and open services without authentication, which could lead to unauthorized access and information disclosure.

Such unauthorized disclosure of sensitive information may impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.

Organizations using affected devices should apply the available firmware patch and follow recommended security practices (e.g., minimizing network exposure, isolating control systems, and using secure remote access) to mitigate risks and maintain compliance.

Useful 0 Not Useful 0