# ZKTeco CCTV Cameras Vulnerable to Authentication Bypass, Exposing Credentials
**ZKTeco** CCTV cameras are facing a critical vulnerability that could allow unauthorized access to sensitive information. The flaw, **CVE-2026-8598**, stems from an undocumented configuration export port that bypasses authentication, potentially exposing camera account credentials and other critical data.
## ZKTeco CCTV Cameras Plagued by Authentication Bypass Vulnerability
An authentication bypass vulnerability has been discovered in **ZKTeco** CCTV cameras, potentially leading to significant security risks. The vulnerability, tracked as **CVE-2026-8598**, affects specific models and firmware versions, allowing attackers to access sensitive information without proper authorization.
[View CSAF](https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-04.json)
### Impact
Successful exploitation of this vulnerability could result in information disclosure, including the capture of camera account credentials, potentially compromising the security of the surveillance system.
### Affected Products
The following versions of **ZKTeco** CCTV Cameras are affected:
* SSC335-GC2063-Face-0b77 Solution

| CVSS | Vendor | Equipment | Vulnerabilities |
| --- | --- | --- | --- |
| v3 9.1 | ZKTeco | ZKTeco CCTV Cameras | Authentication Bypass Using an Alternate Path or Channel |

### Background
* **Critical Infrastructure Sectors:** Commercial Facilities
* **Countries/Areas Deployed:** Worldwide
* **Company Headquarters Location:** China
---
## Vulnerability Details
An undocumented configuration export port is accessible on some models of **ZKTeco** CCTV cameras. This port does not require authentication and exposes critical information about the camera, such as open services and camera account credentials.
[View CVE Details](https://www.cve.org/CVERecord?id=CVE-2026-8598)
---
### Affected Products (Specifics)
* **Vendor:** ZKTeco
* **Product Version:** ZKTeco SSC335-GC2063-Face-0b77 Solution: `<V5.0.1.2.20260421`
* **Product Status:** known_affected
* **Relevant CWE:** [CWE-288 Authentication Bypass Using an Alternate Path or Channel](https://cwe.mitre.org/data/definitions/288.html)
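
To triage a camera fleet against the affected range above, the following added example (not part of the advisory or any ZKTeco or CISA tooling) checks an asset inventory for the listed solution and for firmware below `V5.0.1.2.20260421`. The inventory columns, hostnames and sample rows are constructed, and comparing version components numerically from left to right is an assumption about the vendor's version scheme.

```python
import csv
import io
import re

AFFECTED_SOLUTION = "SSC335-GC2063-Face-0b77"  # solution named in the advisory
FIXED_VERSION = "V5.0.1.2.20260421"            # versions below this are known_affected

# Constructed sample inventory; column names and rows are assumptions.
SAMPLE_INVENTORY = """\
hostname,solution,firmware
cam-lobby-01,SSC335-GC2063-Face-0b77,V5.0.1.2.20250930
cam-dock-02,SSC335-GC2063-Face-0b77,V5.0.1.2.20260421
cam-gate-03,SSC335-GC2063-Face-0b77,V5.0.1.10.20260101
cam-roof-04,SSC335-GC2063-Face-0b77,unknown
cam-hall-05,OTHER-SOLUTION-0000,V4.9.0.0.20240101
"""

def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not V<n>.<n>..."""
    m = re.fullmatch(r"[Vv](\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def triage(inventory_csv):
    """Map hostname -> 'affected' | 'not-affected' | 'review' | 'other-product'."""
    fixed = parse_version(FIXED_VERSION)
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = row["hostname"]
        if row["solution"].strip() != AFFECTED_SOLUTION:
            result[host] = "other-product"   # not listed in this advisory
            continue
        version = parse_version(row["firmware"])
        if version is None:
            result[host] = "review"          # unreadable version: check by hand
        elif version < fixed:                # numeric compare, so 1.10 > 1.2
            result[host] = "affected"
        else:
            result[host] = "not-affected"
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `review` should be treated as affected until their firmware version is confirmed.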
---
## Acknowledgments
* Souvik Kandar reported this vulnerability to **CISA**
---
## Recommended Mitigation Measures
**CISA** recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. These include:
* Minimizing network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
* Locating control system networks and remote devices behind firewalls and isolating them from business networks.
* When remote access is required, using more secure methods, such as Virtual Private Networks (**VPNs**), recognizing **VPNs** may have vulnerabilities and should be updated to the most current version available. Also recognize that a **VPN** is only as secure as its connected devices.
**CISA** reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
**CISA** also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several **CISA** products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
**CISA** encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to **CISA** for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to **CISA** at this time.
---
## Revision History
* **Initial Release Date:** 2026-05-19

| Date | Revision | Summary |
| --- | --- | --- |
| 2026-05-19 | 1 | Initial Publication |

---