CVE-2026-8598
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk39th percentile — higher than 39% of all known CVEs
Summary
An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials.
Risk Assessment
Access to this port may lead to the disclosure of sensitive information, creating a risk of unauthorized access to the surveillance system. Organizations may be vulnerable to attacks that exploit this data.
Recommendation
It is recommended to block access to this port and implement appropriate security measures to protect CCTV systems from unauthorized access.
Original NVD description (English source)
An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials.

