Volerion logoVolerion
Volerion logoVolerion

ZKTeco CCTV Cameras Authentication Bypass Vulnerability Allowing Information Disclosure

Vulnerability

A vulnerability exists in some models of ZKTeco CCTV cameras, specifically those running the SSC335-GC2063-Face-0b77 Solution prior to version V5.0.1.2.20260421. An undocumented configuration export port is accessible without authentication, exposing critical information such as camera account credentials and details about open services. This vulnerability allows for an authentication bypass, potentially granting full administrative control over the affected device.

Impact

Exploitation of this vulnerability could lead to unauthorized access to camera account credentials and other sensitive information, with the potential for full administrative control over the device.

Remediation

ZKTeco has released a patch for this vulnerability in firmware version V5.0.1.2.20260421. Users are advised to upgrade to this version or later. For assistance, contact the ZKTeco customer service hotline or reach out to ZKTeco affiliates and subsidiaries.

Added: May 20, 2026, 4:20 PM
Updated: May 20, 2026, 4:20 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
2.5
exploitability
7.4
remediation
0.0
relevance
8.9
threat
0.0
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.