Description
A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-25 UTC.
Published: 2025-06-20
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Server‑Side Request Forgery
Action: Apply Patch
AI Analysis

Impact

The flaw is a classic SSRF that occurs when the camera’s web interface accepts malicious JSON POST data containing fields such as ipnotify_address and url. The internal image‑fetch routine blindly follows these values, enabling an unauthenticated remote attacker to force the device to send arbitrary HTTP requests. This could allow an attacker to probe internal services, exfiltrate data, or bypass firewall rules. The weakness is categorized as CWE‑20 (Improper Input Validation) and CWE‑918 (Server‑Side Request Forgery).

Affected Systems

The issue is reported on Selea’s Targa IP OCR‑ANPR camera line, impacting models including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. No specific firmware or software version information was supplied, so assess all acquired devices for this vulnerability.

Risk and Exploitability

With a CVSS score of 7.8, the vulnerability is classed as high severity. The EPSS score is below 1%, which indicates a very low estimated likelihood of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. However, the attack vector is remote and unauthenticated and requires only network access to the camera’s management interface, so exploitation is straightforward if a patch is not applied. Given this profile, administrators should treat it as an actionable threat and deploy mitigations promptly.

Generated by OpenCVE AI on April 28, 2026 at 11:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the camera firmware or apply the vendor‑issued patch for the affected Selea Targa models.
  • Restrict or remove the ability to post JSON content that controls ipnotify_address and url, or enforce strict input validation on those fields within the device’s firmware.
  • Configure network firewalls or segmentation to block unwanted outbound traffic from the cameras to internal or external resources.
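
The input-validation action above, sketched as an added example (not Selea or OpenCVE code) that a filtering proxy in front of the camera's management interface could apply to JSON POST bodies. The field names come from the description; the allowlist entries, the function names and the assumption that the fields may sit at any depth of the body are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Field names come from the advisory; the allowlist entries are constructed.
SSRF_FIELDS = {"ipnotify_address", "url"}
ALLOWED_HOSTS = {"anpr-collector.example.internal", "192.0.2.10"}

def destination_host(value):
    """Return (scheme, host) for a URL or a bare host[:port] string."""
    try:
        parts = urlsplit(value if "://" in value else "//" + value)
        return parts.scheme.lower(), (parts.hostname or "").rstrip(".").lower()
    except ValueError:  # e.g. malformed IPv6 brackets
        return "invalid", ""

def classify(host):
    """Describe why a rejected host is risky, for the alert text."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname or non-canonical address not on allowlist"
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return "internal address"
    return "external address not on allowlist"

def find_violations(body, allowed=ALLOWED_HOSTS):
    """Walk a JSON POST body; return (field, value, reason) per bad destination."""
    try:
        doc = json.loads(body)
    except ValueError:
        return [("<body>", "", "unparseable JSON")]
    found, stack = [], [doc]
    while stack:
        node = stack.pop()
        if isinstance(node, list):
            stack.extend(node)
        elif isinstance(node, dict):
            for key, val in node.items():
                if key in SSRF_FIELDS and isinstance(val, str):
                    scheme, host = destination_host(val)
                    if scheme not in ("", "http", "https"):
                        found.append((key, val, "unparseable or non-HTTP destination"))
                    elif host not in allowed:
                        found.append((key, val, classify(host)))
                else:
                    stack.append(val)
    return found
```

Because the decision is an allowlist match on the parsed host, alternate spellings of an internal address (integer or otherwise non-canonical forms) are rejected without having to be recognised; `classify` only labels the alert.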



Advisories
Source: EUVD
ID: EUVD-2025-18779
Title: A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration.

History

Thu, 20 Nov 2025 21:45:00 +0000

Type: Description
Values Removed: A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration.
Values Added: A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-25 UTC.

Mon, 23 Jun 2025 21:15:00 +0000

Type: Metrics
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Jun 2025 19:00:00 +0000

Type: Description
Values Added: A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration.

Type: Title
Values Added: Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery

Type: Weaknesses
Values Added: CWE-20, CWE-918

Type: References

Type: Metrics
Values Added: cvssV4_0
{'score': 7.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-07T14:09:00.779Z

Reserved: 2025-04-15T19:15:22.545Z

Link: CVE-2025-34021

Vulnrichment

Updated: 2025-06-23T20:35:22.616Z

NVD

Status: Deferred

Published: 2025-06-20T19:15:36.530

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-34021


OpenCVE Enrichment

Updated: 2026-04-28T11:15:26Z

Weaknesses