CVE-2021-47727
BaseFortify
Publication date: 2025-12-09
Last updated on: 2026-02-23
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| selea | izero_box_full_firmware | * |
| selea | izero_column_entry/8_firmware | * |
| selea | izero_column_full/8_firmware | * |
| selea | targa_504_firmware | * |
| selea | targa_512_firmware | * |
| selea | targa_704_ilb_firmware | * |
| selea | targa_704_tkm_firmware | * |
| selea | targa_710_inox_firmware | * |
| selea | targa_750_firmware | * |
| selea | targa_805_firmware | * |
| selea | targa_semplice_firmware | * |
| selea | carplateserver | 3.005(191112) |
| selea | carplateserver | 3.005(191206) |
| selea | carplateserver | 3.100(200225) |
| selea | carplateserver | 4.013(201105) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated remote access to live video streams from Selea Targa IP OCR-ANPR cameras, exposing sensitive surveillance footage without authorization. This unauthorized disclosure of personal and potentially sensitive data could lead to violations of privacy regulations such as GDPR and HIPAA, which require protection of personal data and secure access controls. Therefore, this vulnerability poses significant risks to compliance with these common standards and regulations by failing to adequately protect sensitive video data from unauthorized access. [3, 5]
Can you explain this vulnerability to me?
The vulnerability in the Selea Targa IP OCR-ANPR Camera allows remote attackers to access live video streams without any authentication. Attackers can connect directly to the camera's RTP/RTSP or M-JPEG streams by requesting specific endpoints such as p1.mjpg or p1.264, enabling them to view the camera footage without permission.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access to live video feeds from the affected cameras, potentially compromising privacy and security. Attackers could spy on sensitive areas monitored by the camera, leading to privacy violations, security breaches, and unauthorized surveillance.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to access the live video streams of the Selea Targa IP OCR-ANPR cameras without authentication. Specifically, you can try to connect to the camera's RTP/RTSP or M-JPEG streams by requesting the endpoints p1.mjpg or p1.264. For example, using curl or wget to request http://<camera-ip>/p1.mjpg or rtsp://<camera-ip>/p1.264 can help verify if the streams are accessible without authentication. If the streams are accessible without credentials, the device is vulnerable. [3, 4, 5]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the camera firmware and CarPlateServer software to the latest versions where the vendor has implemented fixes for this vulnerability. If updates are not yet available, restrict network access to the affected cameras by placing them behind firewalls or VPNs, limiting exposure to untrusted networks. Additionally, monitor network traffic for unauthorized access attempts to the vulnerable endpoints and consider disabling RTP/RTSP or M-JPEG streaming if possible until a patch is applied. [5]