Description
A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
Published: 2025-06-20
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote file disclosure with potential authentication bypass
Action: Patch immediately
AI Analysis

Impact

A path traversal vulnerability exists in the /common/get_file.php script of Selea Targa IP OCR-ANPR cameras. This flaw allows unauthenticated remote users to supply arbitrary file paths via the file parameter, enabling them to read any file on the device. Because system files containing cleartext credentials can be accessed, attackers could bypass authentication and gain full control over the camera and its network services. The weakness is a classic path traversal (CWE-22).

Affected Systems

The affected devices are multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. No specific firmware revision numbers are provided, so any device running those models prior to a vendor‑published fix is potentially vulnerable.

Risk and Exploitability

The CVSS score of 9.3 categorizes the flaw as critical. Although the EPSS score is below 1%, indicating low current exploitation activity, the vulnerability was observed in the wild, and the lack of authentication makes it highly attractive. The attack surface is limited to the camera’s publicly accessible web interface; an attacker only needs to send a crafted HTTP request to the vulnerable script without any credentials. If exploited, the attacker could read arbitrary files, obtain credentials, and subsequently control or disrupt the camera network. The flaw is not currently in CISA’s KEV catalog.

Generated by OpenCVE AI on April 28, 2026 at 01:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Selea firmware patch that corrects the path traversal issue on all affected camera models.
  • If a patch is not yet available, restrict external access to the camera’s web interface by configuring firewall rules or VPN restrictions to prevent unauthenticated exploitation.
  • Disable the Download Archive in Storage feature or remove the vulnerable /common/get_file.php script from the device’s URL namespace to eliminate the attack vector.

Generated by OpenCVE AI on April 28, 2026 at 01:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-18778 A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information.
History

Thu, 20 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
Description A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information. Exploitation evidence was observed by the Shadowserver Foundation on 2025-10-06 UTC. A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.

Thu, 20 Nov 2025 16:30:00 +0000

Type Values Removed Values Added
Description A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information. A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information. Exploitation evidence was observed by the Shadowserver Foundation on 2025-10-06 UTC.

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00513}

 epss

{'score': 0.00523}

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00328}

 epss

{'score': 0.00513}

Mon, 23 Jun 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Jun 2025 19:00:00 +0000

Type Values Removed Values Added
Description A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information.
Title Selea Targa IP OCR-ANPR Camera Path Traversal
Weaknesses CWE-22
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-07T14:09:01.879Z

Reserved: 2025-04-15T19:15:22.545Z

Link: CVE-2025-34022

cve-icon Vulnrichment

Updated: 2025-06-23T20:36:27.346Z

cve-icon NVD

Status : Deferred

Published: 2025-06-20T19:15:36.720

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-34022

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T01:30:17Z

Weaknesses