CVE-2021-47731
BaseFortify
Publication date: 2025-12-09
Last updated on: 2026-02-23
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| selea | izero_box_full_firmware | * |
| selea | izero_column_entry/8_firmware | * |
| selea | izero_column_full/8_firmware | * |
| selea | targa_504_firmware | * |
| selea | targa_512_firmware | * |
| selea | targa_704_ilb_firmware | * |
| selea | targa_704_tkm_firmware | * |
| selea | targa_710_inox_firmware | * |
| selea | targa_750_firmware | * |
| selea | targa_805_firmware | * |
| selea | targa_semplice_firmware | * |
| selea | carplateserver | 3.005(191112) |
| selea | carplateserver | 3.005(191206) |
| selea | carplateserver | 3.100(200225) |
| selea | carplateserver | 4.013(201105) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Selea Targa IP OCR-ANPR Camera is due to a hard-coded developer password ('Selea781830') that allows unauthorized users to access a hidden configuration page. Attackers can exploit this to upload configurations and overwrite device settings without authorization.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the hidden and undocumented web page /dev.html on the Selea Targa IP OCR-ANPR Camera and attempting to access the configuration upload endpoint /cgi-bin/utils.php with the command parameter cmd=DEVPASS. A detection method involves sending an AJAX request with the MD5 hash of the hard-coded password 'Selea781830' to see if the server responds with an authentication success message ("auth":"OK"). For example, using curl to send a POST request with the hashed password to the endpoint can help verify if the backdoor is accessible. Specific commands could include: 1) Accessing the hidden page: curl -I http://<camera_ip>/dev.html 2) Sending the authentication request: curl -X POST -d "cmd=DEVPASS&pwd=<md5_hash_of_Selea781830>" http://<camera_ip>/cgi-bin/utils.php and checking for a JSON response indicating successful authentication. This approach helps identify if the device is vulnerable by confirming the presence of the backdoor and the hard-coded password acceptance. [4, 5]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the affected Selea Targa IP OCR-ANPR cameras to trusted users only, such as isolating the devices on a secure network segment or behind a firewall to prevent unauthorized remote access. Additionally, updating the device firmware and CarPlateServer software to the latest versions provided by the vendor, which include fixes for this vulnerability, is critical. If updates are not yet available, disabling or blocking access to the hidden /dev.html page and the /cgi-bin/utils.php endpoint at the network level can help reduce exposure. Monitoring device logs and network traffic for suspicious access attempts to these endpoints is also recommended to detect exploitation attempts. [5]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access and control over the camera's configuration, potentially allowing attackers to change device settings, disrupt normal operation, or compromise the security and integrity of the device and the network it is connected to.