ZKTeco CCTV Cameras
Plan PatchCVSS 9.1ICS-CERT ICSA-26-139-04May 19, 2026
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
A vulnerability in ZKTeco CCTV cameras allows attackers to obtain camera account credentials through information disclosure. Successful exploitation could result in unauthorized access to camera systems and recorded footage. The vulnerability affects the SSC335-GC2063-Face solution in versions prior to V5.0.1.2.20260421.
What this means
What could happen
An attacker on your network could capture camera login credentials, potentially giving them access to view live feeds and recorded video from your security cameras across the facility.
Who's at risk
Security and surveillance teams responsible for ZKTeco CCTV camera systems, particularly those using the SSC335-GC2063-Face solution. Impact extends to any facility relying on these cameras for physical security monitoring.
How it could be exploited
An attacker on the network can intercept unprotected authentication traffic from the ZKTeco CCTV camera system without needing valid credentials or additional actions, extracting stored or transmitted camera account credentials.
Prerequisites
- Network access to the ZKTeco CCTV camera system or its management interface
remotely exploitableno authentication requiredlow complexityaffects safety systems
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
ProductAffected VersionsFix Status
SSC335-GC2063-Face-0b77 Solution<V5.0.1.2.20260421No fix yet
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpdate ZKTeco SSC335-GC2063-Face cameras to firmware version V5.0.1.2.20260421 or later
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/a21d4299-0721-4c7e-93af-88f36277b017Get OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.