Close Menu
    Subscribe
    Alerts

    CVE-2026-8598 | THREATINT

    adminBy No Comments1 Min Read


    Home

    Description

    An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials.

    PUBLISHED Reserved 2026-05-14 | Published 2026-05-20 | Updated 2026-05-20 | Assigner icscert

    CRITICAL: 9.1CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

    CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

    Problem types

    CWE-288

    Product status

    Default status
    unaffected

    Any version before V5.0.1.2.20260421
    affected

    V5.0.1.2.20260421
    unaffected

    Credits

    Souvik Kandar reported this vulnerability to CISA. finder

    References

    www.zkteco.com/en/announcement/23 vendor-advisory

    www.cisa.gov/news-events/ics-advisories/icsa-26-139-04

    github.com/…p/csaf_files/OT/white/2026/icsa-26-139-04.json

    cve.org (CVE-2026-8598)

    nvd.nist.gov (CVE-2026-8598)

    Download JSON



    Source link

    Share.

    Related Posts

    Add A Comment

    Comments are closed.