1. Home
  2. CVE Database
  3. CVE-2021-47728
CRITICAL · 9.8

CVE-2021-47728

Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'add...

Vulnerability Description

Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local file inclusion techniques.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
SeleaIzero Box Full Firmware-
SeleaIzero Box Full-
SeleaIzero Column Entry\/8 Firmware-
SeleaIzero Column Entry\/8-
SeleaIzero Column Full\/8 Firmware-
SeleaIzero Column Full\/8-
SeleaTarga 504 Firmware-
SeleaTarga 504-
SeleaTarga 512 Firmware-
SeleaTarga 512-
SeleaTarga 704 Ilb Firmware-
SeleaTarga 704 Ilb-
SeleaTarga 704 Tkm Firmware-
SeleaTarga 704 Tkm-
SeleaTarga 710 Inox Firmware-
SeleaTarga 710 Inox-
SeleaTarga 750 Firmware-
SeleaTarga 750-
SeleaTarga 805 Firmware-
SeleaTarga 805-

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2021-47728?

CVE-2021-47728 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'add...

How severe is CVE-2021-47728?

CVE-2021-47728 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-47728?

Check the references section above for vendor advisories and patch information. Affected products include: Selea Izero Box Full Firmware, Selea Izero Box Full, Selea Izero Column Entry\/8 Firmware, Selea Izero Column Entry\/8, Selea Izero Column Full\/8 Firmware.