---
title: "Critical Flaw in ZKTeco CCTV Cameras Exposes Credentials Worldwide"
short_title: "ZKTeco CCTV cameras leak credentials via flaw"
description: "A critical authentication bypass vulnerability (CVE-2026-8598) in ZKTeco CCTV cameras exposes account credentials. Learn how to mitigate this high-severity risk now."
author: "Vitus"
date: 2024-10-02
categories: [Cybersecurity, Vulnerabilities]
tags: [cctv, zkteco, cve-2026-8598, authentication-bypass, iot-security]
score: 0.85
cve_ids: [CVE-2026-8598]
---
## TL;DR
A critical vulnerability (CVE-2026-8598) in ZKTeco CCTV cameras allows unauthenticated access to sensitive data, including camera account credentials. The flaw, rated 9.1 (CRITICAL), affects models worldwide and has been patched in the latest firmware. Organizations must upgrade immediately to prevent exploitation and data breaches.
### Critical Vulnerability in ZKTeco CCTV Cameras Exposes Global Security Risk
In a major security alert, researchers have uncovered a critical authentication bypass vulnerability in ZKTeco CCTV cameras, potentially exposing millions of devices to unauthorized access. The flaw, tracked as CVE-2026-8598, allows attackers to exploit an undocumented configuration export port, revealing sensitive information such as camera credentials and open services. With a CVSS score of 9.1, this vulnerability poses a severe risk to organizations relying on ZKTeco cameras for surveillance and security.
### Key Points
- Vulnerability Impact: Successful exploitation could lead to information disclosure, including the capture of camera account credentials.
- Affected Models: The flaw impacts ZKTeco SSC335-GC2063-Face-0b77 Solution firmware versions prior to V5.0.1.2.20260421.
- Global Deployment: ZKTeco CCTV cameras are deployed across commercial facilities worldwide, amplifying the risk of widespread exploitation.
- Patch Available: ZKTeco has released a firmware update (V5.0.1.2.20260421) to address the vulnerability. Users are urged to upgrade immediately.
- No Exploitation Reported Yet: As of this publication, no known public exploitation has been reported to CISA.
### Technical Details
#### Vulnerability Overview
CVE-2026-8598 is an authentication bypass vulnerability in an undocumented configuration export port on ZKTeco CCTV cameras. This port, accessible without authentication, exposes critical system details, including:
- Open services running on the camera.
- Camera account credentials, which could be leveraged for further attacks.
The vulnerability is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel), a common flaw in IoT devices that often stems from poor access controls or hardcoded credentials.
#### CVSS Metrics
The vulnerability has been assigned a CVSS v3.1 base score of 9.1 (CRITICAL), with the following vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N`
- Attack Vector (AV:N): Exploitable remotely over the network.
- Attack Complexity (AC:L): Low complexity, requiring no special conditions.
- Privileges Required (PR:N): No privileges required.
- User Interaction (UI:N): No user interaction needed.
- Scope (S:U): Impact confined to the vulnerable component.
- Confidentiality (C:H): High impact, as sensitive data is exposed.
- Integrity (I:H): High impact, as attackers could manipulate camera settings.
- Availability (A:N): No impact on system availability.
### Impact Assessment
#### Who Is at Risk?
- Commercial Facilities: ZKTeco cameras are widely used in retail stores, offices, and public spaces, making them prime targets for attackers seeking to compromise physical security systems.
- Global Organizations: With deployments worldwide, the vulnerability could expose businesses across multiple industries, including hospitality, healthcare, and education.
- Third-Party Vendors: Organizations using ZKTeco cameras as part of integrated security solutions may unknowingly inherit this risk.
#### Potential Consequences
- Unauthorized Access: Attackers could gain control of CCTV cameras, disabling surveillance or using them as entry points into broader networks.
- Data Breaches: Exposed credentials could lead to lateral movement within an organization’s network, increasing the risk of data theft or ransomware attacks.
- Reputation Damage: A breach involving physical security systems could erode customer trust and result in regulatory penalties.
### Mitigation Steps
ZKTeco has released a firmware patch (V5.0.1.2.20260421) to address CVE-2026-8598. Organizations using affected models should take the following steps immediately:
#### 1. Apply the Firmware Update
- Download and install the latest firmware (V5.0.1.2.20260421 or later) from ZKTeco’s official security advisory.
- Follow the vendor’s instructions for safe firmware upgrades to avoid disruptions.
#### 2. Network Segmentation
- Isolate CCTV cameras from business networks using firewalls or VLANs to limit exposure.
- Ensure cameras are not accessible from the internet. If remote access is required, use a VPN with multi-factor authentication (MFA).
#### 3. Monitor for Suspicious Activity
- Deploy intrusion detection systems (IDS) to monitor traffic to and from CCTV cameras.
- Regularly audit camera logs for unauthorized access attempts or unusual activity.
#### 4. Implement Defense-in-Depth Strategies
- Follow CISA’s recommended practices for ICS security to harden critical infrastructure.
- Review CISA’s Targeted Cyber Intrusion Detection and Mitigation Strategies for additional guidance.
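
Steps 2 and 3 can be checked against flow records: because the flaw sits on a port that is not part of the camera's documented services, any connection to a camera on a port outside your approved list, or from a host outside the management segment, deserves a look. The following is an added example, not from the advisory; the subnets, approved ports, log format and sample records are all constructed assumptions.

```python
import ipaddress

# Assumed site policy (placeholders, not values from the advisory).
CAMERA_NET = ipaddress.ip_network("10.20.30.0/24")   # camera VLAN
MGMT_NET = ipaddress.ip_network("10.20.1.0/28")      # NVR and admin hosts
APPROVED_PORTS = {443, 554}                          # expected services (HTTPS, RTSP)

# Constructed flow records: time src sport dst dport proto. Port 9999 stands in
# for "any port not on the approved list"; the advisory names no port number.
SAMPLE_FLOWS = """\
2024-10-02T08:00:01Z 10.20.1.5 51514 10.20.30.11 554 tcp
2024-10-02T08:00:07Z 10.20.1.5 51520 10.20.30.11 443 tcp
2024-10-02T08:03:44Z 10.20.1.9 40022 10.20.30.12 9999 tcp
2024-10-02T08:05:10Z 192.168.7.23 44871 10.20.30.11 443 tcp
2024-10-02T08:05:12Z 192.168.7.23 44872 10.20.30.11 9999 tcp
2024-10-02T08:06:00Z 10.20.1.5 51600 10.50.0.8 22 tcp
malformed line
"""

def find_alerts(text):
    """Return (alerts, malformed_line_numbers) for flows that reach cameras."""
    alerts, malformed = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            _, src, _, dst, dport, _ = line.split()
            src = ipaddress.ip_address(src)
            dst = ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            malformed.append(n)      # keep a count; silent drops hide gaps
            continue
        if dst not in CAMERA_NET:
            continue                 # not camera-bound traffic
        reasons = []
        if dport not in APPROVED_PORTS:
            reasons.append("unapproved-port")
        if src not in MGMT_NET:
            reasons.append("unapproved-source")
        if reasons:
            alerts.append((n, str(src), f"{dst}:{dport}", reasons))
    return alerts, malformed

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_FLOWS)[0]:
        print(alert)
```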
### Affected Systems
| Vendor | Product | Affected Version | Status |
|-------------|--------------------------------------|------------------------------------|--------------------|
| ZKTeco | SSC335-GC2063-Face-0b77 Solution | < V5.0.1.2.20260421 | Known Affected |
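
To turn the table above into an inventory check, the added example below (not vendor code) classifies each camera in an asset list against the fixed version. It assumes the firmware string is a dotted sequence of numeric fields compared left to right, with the last field acting as a build date; the CSV layout, host names and sample firmware values are constructed.

```python
import csv
import io
import re

AFFECTED_PRODUCT = "SSC335-GC2063-Face-0b77"   # from the affected-systems table
FIXED_VERSION = "V5.0.1.2.20260421"            # first fixed firmware

_VERSION_RE = re.compile(r"^[Vv]?(\d+(?:\.\d+)*)$")

def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not parseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))

def classify(product, firmware):
    if AFFECTED_PRODUCT.lower() not in product.lower():
        return "not-listed"
    version = parse_version(firmware)
    if version is None:
        return "unknown"          # treat as unpatched until verified by hand
    # Tuple comparison is field by field; a shorter prefix sorts as older.
    return "vulnerable" if version < parse_version(FIXED_VERSION) else "patched"

# Constructed inventory export; only the product name and fixed version
# come from the advisory.
SAMPLE_INVENTORY = """\
host,product,firmware
cam-lobby-01,SSC335-GC2063-Face-0b77 Solution,V5.0.1.2.20251103
cam-dock-02,SSC335-GC2063-Face-0b77 Solution,V5.0.1.2.20260421
cam-gate-03,SSC335-GC2063-Face-0b77 Solution,unknown
cam-roof-04,Other-Vendor-Cam,V1.2.3
cam-hall-05,SSC335-GC2063-Face-0b77 Solution,v5.0.1.3.20260601
"""

def audit(csv_text):
    """Map each host in the inventory to its patch status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["product"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```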
## Conclusion
The discovery of CVE-2026-8598 in ZKTeco CCTV cameras highlights the growing risks associated with IoT and physical security systems. As attackers increasingly target vulnerabilities in connected devices, organizations must prioritize proactive patch management, network segmentation, and continuous monitoring to mitigate threats.
While no exploitation has been reported yet, the critical severity of this flaw demands immediate action. Businesses using ZKTeco cameras should upgrade their firmware without delay and implement the recommended security measures to safeguard their infrastructure.
For further updates, monitor CISA’s ICS Advisories and ZKTeco’s security announcements.
## References
[^1]: CISA. "ICSA-26-139-04 ZKTeco CCTV Cameras". Retrieved 2024-10-02.
[^2]: MITRE. "CWE-288: Authentication Bypass Using an Alternate Path or Channel". Retrieved 2024-10-02.
[^3]: ZKTeco. "Security Advisory: CVE-2026-8598". Retrieved 2024-10-02.
[^4]: CVE Details. "CVE-2026-8598". Retrieved 2024-10-02.