CVE-2021-47730 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting the Selea Targa IP OCR-ANPR Camera, specifically version 1.0.0–Model: iZero. This vulnerability allows attackers to create new administrative users without requiring authentication, potentially granting them complete control over the camera system. The vulnerability was publicly disclosed on December 9, 2025, and mitigation strategies are recommended until a patch is available.
The impact of this CSRF vulnerability is significant. An attacker can leverage it to add new administrative accounts to the Selea Targa IP OCR-ANPR Camera system. Once an administrative account is created, the attacker gains full control, including the ability to modify camera settings, access video streams, and potentially compromise the entire network segment the camera is connected to. This could lead to unauthorized surveillance, data breaches, and disruption of security operations. The ease of exploitation, requiring only a crafted malicious web page and a logged-in user visiting it, amplifies the risk.
The vulnerability is currently documented in the NVD database, published on December 9, 2025. No public proof-of-concept (POC) code has been identified at this time. The EPSS score is pending evaluation, and there are no known active campaigns exploiting this specific vulnerability. Further monitoring is recommended to assess the evolving threat landscape.
Organizations utilizing Selea Targa IP OCR-ANPR Cameras, version 1.0.0–Model: iZero, are at risk. This includes deployments in traffic monitoring systems, security surveillance networks, and access control applications. Shared hosting environments where multiple cameras might be managed from a single administrative interface are particularly vulnerable.
Exploit status
EPSS
0.11% (29th percentile)
Because no fixed version has been provided, immediate mitigation focuses on reducing the attack surface and preventing exploitation. Implement strict input validation on all administrative endpoints to prevent malicious data from being submitted. Crucially, implement robust CSRF protection mechanisms, such as synchronizer tokens or double-submit cookies, to prevent unauthorized requests. Consider temporarily disabling administrative interfaces if feasible. Regularly review user accounts and permissions to identify and remove any suspicious accounts. Monitor network traffic for unusual activity related to the camera’s administrative interface.
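Update the Selea Targa IP OCR-ANPR camera firmware to the latest version provided by the manufacturer. Verify and correctly configure user permissions to restrict administrative access. Implement additional security measures, such as two-factor authentication, to prevent Cross-Site Request Forgery (CSRF) attacks.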
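The synchronizer-token mitigation named above, as an added example that is not the vendor's code or part of the original advisory. The session store, the `login` and `create_admin_user` functions and the `csrf_token` form field are hypothetical names chosen for illustration.

```python
import hmac
import secrets

# Hypothetical in-memory session store; a real device would persist this.
SESSIONS: dict[str, dict] = {}


def login(user: str) -> str:
    """Create a session and a per-session CSRF token (the synchronizer token)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """Token the server embeds as a hidden field in its own admin forms."""
    return SESSIONS[sid]["csrf"]


def create_admin_user(sid: str, form: dict, users: set) -> int:
    """Hypothetical 'add administrator' handler; returns an HTTP status code.

    The browser attaches the session cookie (sid) to every request, including
    one triggered by a third-party page. The CSRF token is only present in
    forms the server rendered itself, so a forged request cannot supply it.
    """
    session = SESSIONS.get(sid)
    if session is None:
        return 401  # no valid session at all
    supplied = form.get("csrf_token", "")
    # Constant-time comparison against the token stored for THIS session.
    if not hmac.compare_digest(supplied.encode(), session["csrf"].encode()):
        return 403  # missing, wrong, or another session's token
    users.add(form["username"])
    return 200


if __name__ == "__main__":
    admins: set = set()
    sid = login("operator")
    # Constructed forged request: valid cookie, no token -> rejected.
    print(create_admin_user(sid, {"username": "intruder"}, admins), admins)
    # Constructed legitimate request: token copied from the server's form.
    ok = {"username": "alice", "csrf_token": csrf_token_for(sid)}
    print(create_admin_user(sid, ok, admins), admins)
```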
CVE-2021-47730 is a Cross-Site Request Forgery (CSRF) vulnerability allowing attackers to create admin users without authentication in Selea Targa IP OCR-ANPR Camera version 1.0.0–Model: iZero.
If you are using Selea Targa IP OCR-ANPR Camera version 1.0.0–Model: iZero, you are potentially affected by this CSRF vulnerability.
A fixed version is not yet available. Mitigate by implementing strict input validation, CSRF protection, and regularly reviewing user accounts.
Currently, there are no confirmed reports of active exploitation, but monitoring is recommended.
Refer to the Selea website and the NVD database for the latest information and any official advisories related to CVE-2021-47730.