CVE-2021-47731
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2026-02-23

Assigner: VulnCheck

Description
Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite device settings.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2026-02-23
Generated
2026-06-16
AI Q&A
2025-12-09
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47731
Affected Vendors & Products
Showing 15 associated CPEs
Vendor Product Version / Range
selea izero_box_full_firmware *
selea izero_column_entry/8_firmware *
selea izero_column_full/8_firmware *
selea targa_504_firmware *
selea targa_512_firmware *
selea targa_704_ilb_firmware *
selea targa_704_tkm_firmware *
selea targa_710_inox_firmware *
selea targa_750_firmware *
selea targa_805_firmware *
selea targa_semplice_firmware *
selea carplateserver 3.005(191112)
selea carplateserver 3.005(191206)
selea carplateserver 3.100(200225)
selea carplateserver 4.013(201105)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in the Selea Targa IP OCR-ANPR Camera is due to a hard-coded developer password ('Selea781830') that allows unauthorized users to access a hidden configuration page. Attackers can exploit this to upload configurations and overwrite device settings without authorization.

Impact Analysis

This vulnerability can lead to unauthorized access and control over the camera's configuration, potentially allowing attackers to change device settings, disrupt normal operation, or compromise the security and integrity of the device and the network it is connected to.

Detection Guidance

This vulnerability can be detected by checking for the presence of the hidden and undocumented web page /dev.html on the Selea Targa IP OCR-ANPR Camera and attempting to access the configuration upload endpoint /cgi-bin/utils.php with the command parameter cmd=DEVPASS. A detection method involves sending an AJAX request with the MD5 hash of the hard-coded password 'Selea781830' to see if the server responds with an authentication success message ("auth":"OK"). For example, using curl to send a POST request with the hashed password to the endpoint can help verify if the backdoor is accessible. Specific commands could include: 1) Accessing the hidden page: curl -I http://<camera_ip>/dev.html 2) Sending the authentication request: curl -X POST -d "cmd=DEVPASS&pwd=<md5_hash_of_Selea781830>" http://<camera_ip>/cgi-bin/utils.php and checking for a JSON response indicating successful authentication. This approach helps identify if the device is vulnerable by confirming the presence of the backdoor and the hard-coded password acceptance. [4, 5]

Mitigation Strategies

Immediate mitigation steps include restricting network access to the affected Selea Targa IP OCR-ANPR cameras to trusted users only, such as isolating the devices on a secure network segment or behind a firewall to prevent unauthorized remote access. Additionally, updating the device firmware and CarPlateServer software to the latest versions provided by the vendor, which include fixes for this vulnerability, is critical. If updates are not yet available, disabling or blocking access to the hidden /dev.html page and the /cgi-bin/utils.php endpoint at the network level can help reduce exposure. Monitoring device logs and network traffic for suspicious access attempts to these endpoints is also recommended to detect exploitation attempts. [5]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47731. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart