CVE-2021-47728

CRITICAL

Selea Targa IP OCR-ANPR Camera - Command Injection

Title source: llm

Description

Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local file inclusion techniques.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · bashwebappshardware

https://www.exploit-db.com/exploits/49460

View Code ZIP pw:eip

References (5)

[Various Sources] https://github.com/zeroscience

[Various Sources] https://www.selea.com

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49460

[Third Party Advisory] https://www.vulncheck.com/advisories/selea-targa-ip-camera-remote-code-execution-via-utils

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5620.php

Scores

CVSS v3 9.8

EPSS 0.0155

EPSS Percentile 81.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (16)

selea/carplateserver 3.005\(191112\)

selea/carplateserver 3.005\(191206\)

selea/carplateserver 3.100\(200225\)

selea/carplateserver 4.013\(201105\)

selea/izero_box_full_firmware

selea/izero_column_entry\/8_firmware

selea/izero_column_full\/8_firmware

Selea/Selea Targa IP OCR-ANPR Camera

selea/targa_504_firmware

selea/targa_512_firmware

... and 6 more

Published Dec 09, 2025

Tracked Since Feb 18, 2026