Platform
other
Component
selea-targa-ip-camera
CVE-2021-47730 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting the Selea Targa IP OCR-ANPR Camera, specifically version 1.0.0–Model: iZero. This vulnerability allows attackers to create new administrative users without requiring authentication, potentially granting them complete control over the camera system. The vulnerability was publicly disclosed on December 9, 2025, and mitigation strategies are recommended until a patch is available.
The impact of this CSRF vulnerability is significant. An attacker can leverage it to add new administrative accounts to the Selea Targa IP OCR-ANPR Camera system. Once an administrative account is created, the attacker gains full control, including the ability to modify camera settings, access video streams, and potentially compromise the entire network segment the camera is connected to. This could lead to unauthorized surveillance, data breaches, and disruption of security operations. The ease of exploitation, requiring only a crafted malicious web page and a logged-in user visiting it, amplifies the risk.
The vulnerability is currently documented in the NVD database, published on December 9, 2025. No public proof-of-concept (POC) code has been identified at this time. The EPSS score is pending evaluation, and there are no known active campaigns exploiting this specific vulnerability. Further monitoring is recommended to assess the evolving threat landscape.
Exploit Status
EPSS
0.11% (29% percentile)
CISA SSVC
Due to the lack of a provided fixed version, immediate mitigation focuses on reducing the attack surface and preventing exploitation. Implement strict input validation on all administrative endpoints to prevent malicious data from being submitted. Crucially, implement robust CSRF protection mechanisms, such as synchronizer tokens or double-submit cookies, to prevent unauthorized requests. Consider temporarily disabling administrative interfaces if feasible. Regularly review user accounts and permissions to identify and remove any suspicious accounts. Monitor network traffic for unusual activity related to the camera’s administrative interface.
Update the Selea Targa IP OCR-ANPR camera firmware to the latest version provided by the manufacturer. Verify and configure user permissions appropriately to limit administrative access. Implement additional security measures, such as two-factor authentication, to protect against Cross-Site Request Forgery (CSRF) attacks.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2021-47730 is a Cross-Site Request Forgery (CSRF) vulnerability allowing attackers to create admin users without authentication in Selea Targa IP OCR-ANPR Camera version 1.0.0–Model: iZero.
If you are using Selea Targa IP OCR-ANPR Camera version 1.0.0–Model: iZero, you are potentially affected by this CSRF vulnerability.
A fixed version is not yet available. Mitigate by implementing strict input validation, CSRF protection, and regularly reviewing user accounts.
Currently, there are no confirmed reports of active exploitation, but monitoring is recommended.
Refer to the Selea website and the NVD database for the latest information and any official advisories related to CVE-2021-47730.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.