CVE-2021-47727
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2026-02-23

Assigner: VulnCheck

Description
Selea Targa IP OCR-ANPR Camera contains an unauthenticated vulnerability that allows remote attackers to access live video streams without authentication. Attackers can directly connect to RTP/RTSP or M-JPEG streams by requesting specific endpoints like p1.mjpg or p1.264 to view camera footage.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2026-02-23
Generated
2026-06-16
AI Q&A
2025-12-10
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47727
Affected Vendors & Products
Showing 15 associated CPEs
Vendor Product Version / Range
selea izero_box_full_firmware *
selea izero_column_entry/8_firmware *
selea izero_column_full/8_firmware *
selea targa_504_firmware *
selea targa_512_firmware *
selea targa_704_ilb_firmware *
selea targa_704_tkm_firmware *
selea targa_710_inox_firmware *
selea targa_750_firmware *
selea targa_805_firmware *
selea targa_semplice_firmware *
selea carplateserver 3.005(191112)
selea carplateserver 3.005(191206)
selea carplateserver 3.100(200225)
selea carplateserver 4.013(201105)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows unauthenticated remote access to live video streams from Selea Targa IP OCR-ANPR cameras, exposing sensitive surveillance footage without authorization. This unauthorized disclosure of personal and potentially sensitive data could lead to violations of privacy regulations such as GDPR and HIPAA, which require protection of personal data and secure access controls. Therefore, this vulnerability poses significant risks to compliance with these common standards and regulations by failing to adequately protect sensitive video data from unauthorized access. [3, 5]

Executive Summary

The vulnerability in the Selea Targa IP OCR-ANPR Camera allows remote attackers to access live video streams without any authentication. Attackers can connect directly to the camera's RTP/RTSP or M-JPEG streams by requesting specific endpoints such as p1.mjpg or p1.264, enabling them to view the camera footage without permission.

Impact Analysis

This vulnerability can lead to unauthorized access to live video feeds from the affected cameras, potentially compromising privacy and security. Attackers could spy on sensitive areas monitored by the camera, leading to privacy violations, security breaches, and unauthorized surveillance.

Detection Guidance

This vulnerability can be detected by attempting to access the live video streams of the Selea Targa IP OCR-ANPR cameras without authentication. Specifically, you can try to connect to the camera's RTP/RTSP or M-JPEG streams by requesting the endpoints p1.mjpg or p1.264. For example, using curl or wget to request http://<camera-ip>/p1.mjpg or rtsp://<camera-ip>/p1.264 can help verify if the streams are accessible without authentication. If the streams are accessible without credentials, the device is vulnerable. [3, 4, 5]

Mitigation Strategies

Immediate mitigation steps include updating the camera firmware and CarPlateServer software to the latest versions where the vendor has implemented fixes for this vulnerability. If updates are not yet available, restrict network access to the affected cameras by placing them behind firewalls or VPNs, limiting exposure to untrusted networks. Additionally, monitor network traffic for unauthorized access attempts to the vulnerable endpoints and consider disabling RTP/RTSP or M-JPEG streaming if possible until a patch is applied. [5]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47727. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart