CVE-2026-8598
9.1 CRITICALAn undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras
Published: 2026-05-20 · Last updated: 2026-05-20
Severity and scoring
- CVSS
- 9.1 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- CWE
- CWE-288
Description
An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-10523 — An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauth... (9.9 CRITICAL)
- CVE-2026-5415 — The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnera... (8.8 HIGH)
- CVE-2026-36175 — An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access ... (6.8 MEDIUM)
- CVE-2026-42654 — Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recover... (7.1 HIGH)
- CVE-2026-40780 — Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploita... (7.5 HIGH)