CVE-2026-8598 describes an undocumented configuration export port on some ZKTeco CCTV camera models that is accessible without authentication. According to the supplied source summary, the port can expose critical device information, including open services and camera account credentials. With a CVSS 4.0 score of 9.1, this is a critical remote exposure issue that can materially increase the risk of unauth [truncated]
CVE-2023-38950 is a path traversal vulnerability affecting ZKTeco BioTime and is listed by CISA in the Known Exploited Vulnerabilities (KEV) catalog. CISA’s KEV entry shows it was added on 2025-05-19 and sets a remediation due date of 2025-06-09. Because it is a known-exploited issue, organizations using BioTime should treat it as a high-priority remediation item and follow vendor guidance or remove the p [truncated]
