This vulnerability involves an undocumented configuration export port on some ZKTeco CCTV camera models that does not require authentication. Through this port, an attacker can retrieve critical information including open services and camera account credentials. The vulnerability is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel) and has a CVSS 4.0 base score of 9.1, indicating a critical severity level. No official patch or remediation level has been provided by the vendor as of the published date.

The vulnerability allows unauthenticated attackers to access sensitive configuration data, including camera account credentials and information about open services. This can lead to unauthorized control or further compromise of the affected cameras, potentially impacting the confidentiality and integrity of surveillance data.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, users should monitor vendor communications for updates. Until a fix is available, restricting network access to the affected cameras and disabling unused services may reduce exposure.