Platform: other
Component: selea-targa-ip-camera
CVE-2021-47730 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting the Selea Targa IP OCR-ANPR Camera, specifically version 1.0.0–Model: iZero. This vulnerability allows attackers to create new administrative users without requiring authentication, potentially granting them complete control over the camera system. The vulnerability was publicly disclosed on December 9, 2025, and mitigation strategies are recommended until a patch is available.
The impact of this CSRF vulnerability is significant. An attacker can leverage it to add new administrative accounts to the Selea Targa IP OCR-ANPR Camera system. Once an administrative account is created, the attacker gains full control, including the ability to modify camera settings, access video streams, and potentially compromise the entire network segment the camera is connected to. This could lead to unauthorized surveillance, data breaches, and disruption of security operations. The ease of exploitation, requiring only a crafted malicious web page and a logged-in user visiting it, amplifies the risk.
The vulnerability is currently documented in the NVD database, published on December 9, 2025. No public proof-of-concept (POC) code has been identified at this time. The EPSS score is pending evaluation, and there are no known active campaigns exploiting this specific vulnerability. Further monitoring is recommended to assess the evolving threat landscape.
Organizations utilizing Selea Targa IP OCR-ANPR Cameras, version 1.0.0–Model: iZero, are at risk. This includes deployments in traffic monitoring systems, security surveillance networks, and access control applications. Shared hosting environments where multiple cameras might be managed from a single administrative interface are particularly vulnerable.
disclosure
Exploit status
EPSS: 0.11% (29th percentile)
CISA SSVC
Due to the lack of a provided fixed version, immediate mitigation focuses on reducing the attack surface and preventing exploitation. Implement strict input validation on all administrative endpoints to prevent malicious data from being submitted. Crucially, implement robust CSRF protection mechanisms, such as synchronizer tokens or double-submit cookies, to prevent unauthorized requests. Consider temporarily disabling administrative interfaces if feasible. Regularly review user accounts and permissions to identify and remove any suspicious accounts. Monitor network traffic for unusual activity related to the camera’s administrative interface.
Update the Selea Targa IP OCR-ANPR camera firmware to the latest version provided by the manufacturer. Verify and properly configure user permissions to limit administrative access. Implement additional security measures, such as two-factor authentication, to protect against Cross-Site Request Forgery (CSRF) attacks.
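The synchronizer-token check named in the mitigation above, sketched as an added example; it is not the vendor's code and not taken from the advisory. The origin `https://camera.example`, the session id, and the form fields (`csrf_token`, `username`, `role`) are hypothetical, and the sample requests are constructed.

```python
import hmac
import secrets

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


class CsrfGuard:
    """Synchronizer-token check for an admin interface (illustrative)."""

    def __init__(self, own_origin):
        self.own_origin = own_origin
        self._tokens = {}  # session id -> token, stored server-side only

    def issue_token(self, session_id):
        # Embedded in the admin form when the page is rendered for this session.
        token = secrets.token_urlsafe(32)
        self._tokens[session_id] = token
        return token

    def check(self, method, session_id, headers, form):
        """Return (allowed, reason) for one request to an admin endpoint."""
        if method.upper() not in STATE_CHANGING:
            return True, "safe method"
        expected = self._tokens.get(session_id)
        if expected is None:
            return False, "no token issued for session"
        origin = headers.get("Origin")
        if origin is not None and origin != self.own_origin:
            return False, "cross-origin request"
        supplied = str(form.get("csrf_token", ""))
        # Constant-time comparison avoids leaking the token through timing.
        if not hmac.compare_digest(supplied.encode(), expected.encode()):
            return False, "missing or invalid CSRF token"
        return True, "ok"


def demo():
    # Constructed requests; host, session id and form fields are hypothetical.
    guard = CsrfGuard("https://camera.example")
    token = guard.issue_token("sess-1")
    new_admin = {"username": "newadmin", "role": "admin"}
    return {
        # Sent by a third-party page: the session cookie rides along, the token does not.
        "forged": guard.check("POST", "sess-1", {"Origin": "https://other-site.example"}, new_admin),
        # Same request from a client that sends no Origin header: the token check still stops it.
        "forged_no_origin": guard.check("POST", "sess-1", {}, new_admin),
        "legit": guard.check("POST", "sess-1", {"Origin": "https://camera.example"},
                             {**new_admin, "csrf_token": token}),
    }
```

The token check is the control; the `Origin` comparison is a second layer that rejects cross-site requests early when the header is present.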
CVE-2021-47730 is a Cross-Site Request Forgery (CSRF) vulnerability allowing attackers to create admin users without authentication in Selea Targa IP OCR-ANPR Camera version 1.0.0–Model: iZero.
If you are using Selea Targa IP OCR-ANPR Camera version 1.0.0–Model: iZero, you are potentially affected by this CSRF vulnerability.
A fixed version is not yet available. Mitigate by implementing strict input validation, CSRF protection, and regularly reviewing user accounts.
Currently, there are no confirmed reports of active exploitation, but monitoring is recommended.
Refer to the Selea website and the NVD database for the latest information and any official advisories related to CVE-2021-47730.