Platform
other
Component
selea-targa-ip-camera
CVE-2021-47730 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting the Selea Targa IP OCR-ANPR Camera, specifically version 1.0.0–Model: iZero. This vulnerability allows attackers to create new administrative users without authenticating themselves: the forged request is sent by the browser of a logged-in user who visits a crafted web page. A new administrative account potentially grants the attacker complete control over the camera system. The vulnerability was publicly disclosed on December 9, 2025, and mitigation strategies are recommended until a patch is available.
The impact of this CSRF vulnerability is significant. An attacker can leverage it to add new administrative accounts to the Selea Targa IP OCR-ANPR Camera system. Once an administrative account is created, the attacker gains full control, including the ability to modify camera settings, access video streams, and potentially compromise the entire network segment the camera is connected to. This could lead to unauthorized surveillance, data breaches, and disruption of security operations. The ease of exploitation, requiring only a crafted malicious web page and a logged-in user visiting it, amplifies the risk.
The vulnerability is currently documented in the NVD database, published on December 9, 2025. No public proof-of-concept (POC) code has been identified at this time. The EPSS score is pending evaluation, and there are no known active campaigns exploiting this specific vulnerability. Further monitoring is recommended to assess the evolving threat landscape.
Organizations utilizing Selea Targa IP OCR-ANPR Cameras, version 1.0.0–Model: iZero, are at risk. This includes deployments in traffic monitoring systems, security surveillance networks, and access control applications. Shared hosting environments where multiple cameras might be managed from a single administrative interface are particularly vulnerable.
disclosure
Exploit Status
EPSS
0.11% (percentile 29%)
CISA SSVC
Because no fixed version has been provided, immediate mitigation focuses on reducing the attack surface and preventing exploitation. Implement strict input validation on all administrative endpoints to prevent malicious data from being submitted. Crucially, implement robust CSRF protection mechanisms, such as synchronizer tokens or double-submit cookies, to prevent unauthorized requests. Consider temporarily disabling administrative interfaces if feasible. Regularly review user accounts and permissions to identify and remove any suspicious accounts. Monitor network traffic for unusual activity related to the camera’s administrative interface.
Update the firmware of the Selea Targa IP OCR-ANPR camera to the latest available version provided by the manufacturer. Review and correctly configure user permissions to limit administrative access. Implement additional security measures, such as two-factor authentication, to protect against Cross-Site Request Forgery (CSRF) attacks.
CVE-2021-47730 is a Cross-Site Request Forgery (CSRF) vulnerability allowing attackers to create admin users without authentication in Selea Targa IP OCR-ANPR Camera version 1.0.0–Model: iZero.
If you are using Selea Targa IP OCR-ANPR Camera version 1.0.0–Model: iZero, you are potentially affected by this CSRF vulnerability.
A fixed version is not yet available. Mitigate by implementing strict input validation, CSRF protection, and regularly reviewing user accounts.
Currently, there are no confirmed reports of active exploitation, but monitoring is recommended.
Refer to the Selea website and the NVD database for the latest information and any official advisories related to CVE-2021-47730.