CVE-2026-8598 Unauthenticated Export Service in ZKTeco CCTV Cameras

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials...

CVE-2026-8598 Unauthenticated Export Service in ZKTeco CCTV Cameras

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials...

ZKTeco CCTV Cameras

ADVISORY SUMMARY Successful exploitation of this vulnerability could result in information disclosure, including capture of camera account credentials. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize...

PT-2026-42011

Name of the Vulnerable Software and Affected Versions ZKTeco CCTV cameras affected versions not specified Description An issue exists in ZKTeco CCTV cameras that allows unauthenticated users to export configuration data, which leads to the exposure of administrator credentials. Recommendations...

CVE-2026-33469

Frigate (NVR) vulnerability CVE-2026-33469 affects version 0.17.0: an authenticated non-admin user can access the full unredacted configuration via /api/config/raw, exposing secrets (camera credentials, go2rtc stream credentials, MQTT passwords, proxy secrets, and other config.yml data). The issu...

Multiple India-based CCTV Cameras (Update A)**

RISK EVALUATION Successful exploitation of this vulnerability could result in information disclosure including capture of camera account credentials. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...

Ubia Ubox (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely view camera feeds or modify settings. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

EUVD-2025-35202

The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the messages that should be delivered to other users by subscribing to the a MQTT topic. In these messages, the attacker can obtain the credentials and key...

CVE-2024-12569

Disclosure of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras, allows an attacker to read camera credentials stored in the Recording Server under specific conditions...

Siemens Siveillance Video Camera

SUMMARY Several camera device drivers in the Siveillance Video Device Pack store camera credentials in their log file when authentication fails. This could allow a local attacker to read camera credentials stored in the Recording Server under specific conditions. Siemens has released an update...

CVE-2024-12569

Disclosure of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras, allows an attacker to read camera credentials stored in the Recording Server under specific conditions...

PT-2024-17657 · Hikvision +1 · Hikvision Camera Driver +1

Name of the Vulnerable Software and Affected Versions: Milestone XProtect Device Pack affected versions not specified HikVision camera driver in XProtect Device Pack affected versions not specified Description: The issue is related to the disclosure of sensitive information in a log file of the...

CVE-2024-45175

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is stored in cleartext. It was found out that sensitive information, for example login credentials of cameras, is stored in cleartext. Thus, an attacker with filesystem access, for example exploiting a...

CVE-2023-24506

Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request...