Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user visits the page.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Selea
  • Carplateserver
  • Izero Box Full
  • Izero Box Full Firmware
  • Izero Column Entry\/8
  • Izero Column Entry\/8 Firmware
  • Izero Column Full\/8
  • Izero Column Full\/8 Firmware
  • Targa 504
  • Targa 504 Firmware
  • Targa 512
  • Targa 512 Firmware
  • Targa 704 Ilb
  • Targa 704 Ilb Firmware
  • Targa 704 Tkm
  • Targa 704 Tkm Firmware
  • Targa 710 Inox
  • Targa 710 Inox Firmware
  • Targa 750
  • Targa 750 Firmware
  • Targa 805
  • Targa 805 Firmware
  • Targa Ip Ocr-anpr Camera
  • Targa Semplice
  • Targa Semplice Firmware

Configuration 1 [-]

AND
cpe:2.3:o:selea:izero_box_full_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:izero_box_full:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:selea:izero_column_entry\/8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:izero_column_entry\/8:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:selea:izero_column_full\/8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:izero_column_full\/8:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:selea:targa_504_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:targa_504:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:selea:targa_512_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:targa_512:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:selea:targa_704_ilb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:targa_704_ilb:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:selea:targa_704_tkm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:targa_704_tkm:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:selea:targa_710_inox_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:targa_710_inox:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:selea:targa_750_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:targa_750:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:selea:targa_805_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:targa_805:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:selea:targa_semplice_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:targa_semplice:-:*:*:*:*:*:*:*

Configuration 12 [-]

OR cpe:2.3:a:selea:carplateserver:3.005\(191112\):*:*:*:*:*:*:*
cpe:2.3:a:selea:carplateserver:3.005\(191206\):*:*:*:*:*:*:*
cpe:2.3:a:selea:carplateserver:3.100\(200225\):*:*:*:*:*:*:*
cpe:2.3:a:selea:carplateserver:4.013\(201105\):*:*:*:*:*:*:*

No data.

References
Link Providers
https://github.com/zeroscience cve-icon cve-icon
https://www.exploit-db.com/exploits/49458 cve-icon cve-icon
https://www.selea.com cve-icon cve-icon
https://www.vulncheck.com/advisories/selea-targa-ip-camera-cross-site-request-forgery-via-admin-creation cve-icon cve-icon
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5618.php cve-icon cve-icon
History

Mon, 23 Feb 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Selea carplateserver
Selea izero Box Full
Selea izero Box Full Firmware
Selea izero Column Entry\/8
Selea izero Column Entry\/8 Firmware
Selea izero Column Full\/8
Selea izero Column Full\/8 Firmware
Selea targa 504
Selea targa 504 Firmware
Selea targa 512
Selea targa 512 Firmware
Selea targa 704 Ilb
Selea targa 704 Ilb Firmware
Selea targa 704 Tkm
Selea targa 704 Tkm Firmware
Selea targa 710 Inox
Selea targa 710 Inox Firmware
Selea targa 750
Selea targa 750 Firmware
Selea targa 805
Selea targa 805 Firmware
Selea targa Semplice
Selea targa Semplice Firmware
Weaknesses CWE-352
CPEs cpe:2.3:a:selea:carplateserver:3.005\(191112\):*:*:*:*:*:*:*
cpe:2.3:a:selea:carplateserver:3.005\(191206\):*:*:*:*:*:*:*
cpe:2.3:a:selea:carplateserver:3.100\(200225\):*:*:*:*:*:*:*
cpe:2.3:a:selea:carplateserver:4.013\(201105\):*:*:*:*:*:*:*
cpe:2.3:h:selea:izero_box_full:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:izero_column_entry\/8:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:izero_column_full\/8:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:targa_504:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:targa_512:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:targa_704_ilb:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:targa_704_tkm:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:targa_710_inox:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:targa_750:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:targa_805:-:*:*:*:*:*:*:*
cpe:2.3:h:selea:targa_semplice:-:*:*:*:*:*:*:*
cpe:2.3:o:selea:izero_box_full_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:selea:izero_column_entry\/8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:selea:izero_column_full\/8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:selea:targa_504_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:selea:targa_512_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:selea:targa_704_ilb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:selea:targa_704_tkm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:selea:targa_710_inox_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:selea:targa_750_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:selea:targa_805_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:selea:targa_semplice_firmware:-:*:*:*:*:*:*:*
Vendors & Products Selea carplateserver
Selea izero Box Full
Selea izero Box Full Firmware
Selea izero Column Entry\/8
Selea izero Column Entry\/8 Firmware
Selea izero Column Full\/8
Selea izero Column Full\/8 Firmware
Selea targa 504
Selea targa 504 Firmware
Selea targa 512
Selea targa 512 Firmware
Selea targa 704 Ilb
Selea targa 704 Ilb Firmware
Selea targa 704 Tkm
Selea targa 704 Tkm Firmware
Selea targa 710 Inox
Selea targa 710 Inox Firmware
Selea targa 750
Selea targa 750 Firmware
Selea targa 805
Selea targa 805 Firmware
Selea targa Semplice
Selea targa Semplice Firmware
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Wed, 10 Dec 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Selea
Selea targa Ip Ocr-anpr Camera
Vendors & Products Selea
Selea targa Ip Ocr-anpr Camera

Tue, 09 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Description Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user visits the page.
Title Selea Targa IP Camera Cross-Site Request Forgery via Admin Creation
Weaknesses CWE-798
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-12-09T20:46:29.807Z

Updated: 2025-12-09T21:07:10.871Z

Reserved: 2025-12-07T20:10:09.804Z

Link: CVE-2021-47730

cve-icon Vulnrichment

Updated: 2025-12-09T21:07:07.032Z

cve-icon NVD

Status : Analyzed

Published: 2025-12-09T21:15:51.550

Modified: 2026-02-23T18:57:31.597

Link: CVE-2021-47730

cve-icon Redhat

No data.