CVE-2021-47728

CRITICAL

Selea Targa IP OCR-ANPR Camera - Command Injection

Title source: llm

Description

Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local file inclusion techniques.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · bashwebappshardware

https://www.exploit-db.com/exploits/49460

View Code ZIP pw:eip

References (5)

[Various Sources] https://github.com/zeroscience

[Various Sources] https://www.selea.com

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49460

[Third Party Advisory] https://www.vulncheck.com/advisories/selea-targa-ip-camera-remote-code-execution-via-utils

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5620.php

Scores

CVSS v3 9.8

EPSS 0.0136

EPSS Percentile 79.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-78

Status published

Affected Products (15)

selea/izero_box_full_firmware

selea/izero_column_entry\/8_firmware

selea/izero_column_full\/8_firmware

selea/targa_504_firmware

selea/targa_512_firmware

selea/targa_704_ilb_firmware

selea/targa_704_tkm_firmware

selea/targa_710_inox_firmware

selea/targa_750_firmware

selea/targa_805_firmware

selea/targa_semplice_firmware

selea/carplateserver

selea/carplateserver

selea/carplateserver

selea/carplateserver

Timeline

Published Dec 09, 2025

Tracked Since Feb 18, 2026