CVE-2021-47728
high-risk
Published 2025-12-09
Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local file inclusion techniques.
Do I need to act?
~
1.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (15)
Izero Box Full Firmware
Izero Column Entry\/8 Firmware
Izero Column Full\/8 Firmware
Targa 504 Firmware
Targa 512 Firmware
Targa 704 Ilb Firmware
Targa 704 Tkm Firmware
Targa 710 Inox Firmware
Targa 750 Firmware
Targa 805 Firmware
Targa Semplice Firmware
Carplateserver
Carplateserver
Carplateserver
Carplateserver
Affected Vendors
References (5)
Not Applicable
https://github.com/zeroscience
Product
https://www.selea.com
Third Party Advisory
https://www.vulncheck.com/advisories/selea-targa-ip-camera-remote-code-execution...
Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5620.php
54
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
4/34 · Minimal
Exposure
18/34 · Moderate