ZKTeco CCTV Cameras
Summary
ZKTeco CCTV cameras, specifically the SSC335-GC2063-Face-0b77 Solution with firmware versions prior to V5.0.1.2.20260421, are affected by an authentication bypass vulnerability. Successful exploitation could lead to the disclosure of sensitive camera account credentials.
IFF Assessment
The vulnerability allows attackers to bypass authentication and capture camera credentials, posing a direct threat to the security and privacy of surveillance systems.
Severity
The CVSS v3 score of 9.1 indicates critical severity. The weakness is classified as 'Authentication Bypass Using an Alternate Path or Channel' (CWE-288): it allows unauthorized access and disclosure of camera credentials without authentication, making it highly exploitable.
Defender Context
This vulnerability highlights the ongoing risks associated with IoT devices, particularly in critical infrastructure sectors like commercial facilities. Defenders should prioritize patching and network segmentation for such devices to prevent unauthorized access and credential theft.
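To support the patching priority above, the following is an added example (not code from ZKTeco or from the advisory) that triages a camera inventory against the fixed firmware version. It assumes firmware strings are dotted-numeric with an optional leading "V" and are ordered component by component from left to right; the inventory entries and device names are constructed.

```python
import re

FIXED = "V5.0.1.2.20260421"            # fixed firmware version stated on this page
SOLUTION = "SSC335-GC2063-Face-0b77"   # affected solution named on this page

def parse_version(text):
    """Return the version as a tuple of ints, or None if not dotted-numeric."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def triage(solution, firmware):
    """Classify one device as out-of-scope, patched, vulnerable or unknown."""
    if solution.strip() != SOLUTION:
        return "out-of-scope"          # this advisory names only one solution
    have, fixed = parse_version(firmware), parse_version(FIXED)
    if have is None or len(have) != len(fixed):
        return "unknown"               # unreadable or oddly shaped: check by hand
    # Assumption: components compare numerically, left to right.
    return "vulnerable" if have < fixed else "patched"

# Constructed sample inventory: (device name, solution, reported firmware).
INVENTORY = [
    ("lobby-cam", SOLUTION, "V5.0.1.2.20250310"),
    ("dock-cam", SOLUTION, "V5.0.1.2.20260421"),
    # Numeric compare matters here: 10 > 2, although "10" < "2" as strings.
    ("gate-cam", SOLUTION, "V5.0.1.10.20260501"),
    ("roof-cam", SOLUTION, "unknown"),
    ("lab-cam", "OTHER-SOLUTION", "V1.0.0.0.20200101"),
]

def report(inventory):
    """Map each device name to its triage status."""
    return {name: triage(sol, fw) for name, sol, fw in inventory}

if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name:10} {status}")
```

Devices reported as "vulnerable" or "unknown" are the ones to patch or isolate first.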