CVE-2025-34021

UNKNOWN 0.0

Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-25 UTC.

CWE	CWE-918 CWE-20
Vendor	selea
Product	targa ip ocr-anpr camera
Published	Jun 20, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for selea targa ip ocr-anpr camera

Be the first to know when new unknown vulnerabilities affecting selea targa ip ocr-anpr camera are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Selea / Targa IP OCR-ANPR Camera

BLD201113005214 BLD201106163745 BLD200304170901 BLD200304170514 BLD200303143345 BLD191118145435 BLD191021180140 CPS 4.013(201105) CPS 3.100(200225) CPS 3.005(191206) CPS 3.005(191112)

References

NVD ↗ CVE.org ↗ EPSS Data ↗

zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5617.php exploit-db.com: https://www.exploit-db.com/exploits/49457 cxsecurity.com: https://cxsecurity.com/issue/WLB-2021010170 packetstorm.news: https://packetstorm.news/files/id/161059 selea.com: https://www.selea.com vulncheck.com: https://vulncheck.com/advisories/selea-targa-ip-camera-ssrf

Credits

Gjoko Krstic