CVE Catalog

CVE-2026-8598

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.51%

39th percentile — higher than 39% of all known CVEs

Summary

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials.

Risk Assessment

Access to this port may lead to the disclosure of sensitive information, creating a risk of unauthorized access to the surveillance system. Organizations may be vulnerable to attacks that exploit this data.

Recommendation

It is recommended to block access to this port and implement appropriate security measures to protect CCTV systems from unauthorized access.

Original NVD description (English source)

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS