CVE-2025-34022
BaseFortify
Publication date: 2025-06-20
Last updated on: 2025-11-20
Assigner: VulnCheck
Description
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a path traversal (directory traversal) flaw in multiple models of Selea Targa IP OCR-ANPR cameras. It exists in the get_file.php script used on the "Download Archive in Storage" page, where the input parameter specifying the file is not properly validated. This allows unauthenticated remote attackers to manipulate the file path and read arbitrary files on the device, including sensitive system files and configuration files containing clear-text credentials. Exploiting this can lead to authentication bypass and exposure of system information. [1, 2, 3]
How can this vulnerability impact me?
Exploiting this vulnerability allows an attacker to remotely access and download arbitrary files from the affected camera devices without any authentication. This can expose sensitive information such as system password files and configuration files with clear-text credentials, potentially enabling the attacker to bypass authentication and fully compromise the device. This poses a significant security risk, especially since these cameras operate autonomously and are used for critical functions like automatic number plate recognition and hazardous material identification. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to exploit the directory traversal flaw in the get_file.php script on the affected Selea Targa IP OCR-ANPR cameras. One can use crafted HTTP requests to the "Download Archive in Storage" page to try to retrieve sensitive files such as /etc/passwd or users.json. Example commands include using curl with URL-encoded directory traversal sequences, for instance: curl "http://<camera-ip>/common/get_file.php?file=%2f..%2f..%2f..%2fetc%2fpasswd" to check if arbitrary files can be accessed without authentication. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the affected cameras to trusted users only, ideally isolating them from untrusted networks. Applying any available firmware or software updates from the vendor that address this vulnerability is critical. If updates are not yet available, disabling or restricting access to the "Download Archive in Storage" feature or the get_file.php script can reduce risk. Monitoring network traffic for suspicious requests targeting get_file.php and implementing network-level controls such as firewalls or intrusion detection systems to block exploitation attempts are also recommended. [3]
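The detection and mitigation answers above both come down to the same operational task: watching for requests to get_file.php whose file parameter escapes the archive directory. The following script is an added example written for this page, not code from BaseFortify, VulnCheck or the camera vendor. It parses web-server access-log lines in common log format, fully percent-decodes the file parameter (so single and double URL encoding are both caught) and flags entries where the decoded value contains a ".." segment or is an absolute path. The script path /common/get_file.php and the parameter name file are taken from the curl example on this page; the four log lines are constructed sample data, not captured traffic.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log entries in common log format. The IPs,
# timestamps and sizes are made up for this example; only the script path
# and parameter name follow the curl request quoted on the page.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Jun/2025:10:00:01 +0000] "GET /common/get_file.php?file=archive%2F2025-06-20.zip HTTP/1.1" 200 5120
192.0.2.55 - - [20/Jun/2025:10:00:07 +0000] "GET /common/get_file.php?file=%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1846
192.0.2.55 - - [20/Jun/2025:10:00:09 +0000] "GET /common/get_file.php?file=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1846
192.0.2.77 - - [20/Jun/2025:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 742
"""

# Common log format: client, ident, user, [timestamp], "METHOD target PROTO", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly until the value stops changing.

    A single decode misses double-encoded sequences such as %252f, which a
    naive filter on the raw query string would also let through.
    """
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(param_value):
    """Return True if the decoded file parameter escapes the archive directory.

    Heuristic: any ".." path segment, or an absolute path, is treated as an
    attempt to leave the intended directory. Backslashes are normalised first.
    """
    decoded = fully_decode(param_value).replace("\\", "/")
    segments = decoded.split("/")
    return ".." in segments or decoded.startswith("/")


def parse_line(line):
    """Split one access-log line into its fields, or return None if it does not match."""
    match = LOG_RE.match(line)
    if match is None:
        return None
    url = urlsplit(match.group("target"))
    return {
        "ip": match.group("ip"),
        "ts": match.group("ts"),
        "status": match.group("status"),
        "path": url.path,
        # parse_qs already applies one round of percent-decoding.
        "params": parse_qs(url.query, keep_blank_values=True),
    }


def find_traversal_attempts(log_text, script="/common/get_file.php", param="file"):
    """Return one record per request to the script whose file parameter looks like traversal.

    A "served" flag of True (HTTP 200) means the device answered the request,
    which is the case that warrants incident response rather than just blocking.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].endswith(script):
            continue
        for value in rec["params"].get(param, []):
            if is_traversal(value):
                hits.append({
                    "ip": rec["ip"],
                    "ts": rec["ts"],
                    "status": rec["status"],
                    "served": rec["status"] == "200",
                    "file": fully_decode(value),
                })
    return hits


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} status={hit["status"]} file={hit["file"]}')
```

To use it against a real camera, export the device's or the upstream proxy's access log and pass its contents to find_traversal_attempts in place of SAMPLE_LOG. Entries with served set to True indicate the file was likely returned, so those sources should be treated as having read the device's configuration and the credentials it contains, which is the outcome the page warns about.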