ACCORDING to CISA, the ICS Advisory ICSA-26-139-04 warns of a vulnerability in ZKTeco CCTV Cameras, specifically CVE-2026-8598, where an undocumented configuration export port is accessible on some models and does not require authentication, exposing open services and camera account credentials. The affected product is ZKTeco CCTV Cameras, including the ZKTeco SSC335-GC2063-Face-0b77 Solution, with firmware version V5.0.1.2.20260421 identified as the patched release.
The advisory notes that successful exploitation could result in information disclosure, including capture of camera account credentials, and assigns a CVSS v3.1 base score of 9.1 (CRITICAL). Remediation advised by ZKTeco involves upgrading to firmware version V5.0.1.2.20260421 or later, and the agency provides further information via the ZKTeco security announcement. No known public exploitation of this vulnerability has been reported to CISA at this time.