
ZKTeco CCTV Cameras CVE-2026-8598

EUVD-2026-31124 | CRITICAL
Authentication Bypass Using an Alternate Path or Channel (CWE-288)
2026-05-20 | icscert | GHSA-r827-rrrf-hq75
CVSS 4.0 score: 9.1

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: May 20, 2026 - 16:00 (vuln.today)

Description (NVD)

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials.

Analysis (AI)

Information disclosure in ZKTeco SSC335-GC2063-Face-0B77 Solution Camera exposes credentials and service details through an undocumented configuration export port that requires no authentication. Remote unauthenticated attackers on the network can retrieve camera account credentials and enumerate open services, enabling full takeover of the device. …


Remediation (AI)

Within 24 hours: Audit network access logs to identify ZKTeco camera exposure to untrusted networks and immediately restrict direct network access via firewalls or network segmentation. Within 7 days: Complete inventory of all ZKTeco camera models and firmware versions in production; segregate cameras to a dedicated VLAN with restricted outbound access and no lateral network movement. …

