CVE-2025-34021 HIGH

CVE-2025-34021: Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery

Vendor Selea
Product Targa IP OCR-ANPR Camera
Weakness CWE-918 · SSRF
Published June 20, 2025
Last update April 7, 2026
View on NVD All CVEs

CVSS base score

7.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N

What the vulnerability does

01Description

A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-25 UTC.

Key dates

02Disclosure timeline

June 20, 2025 CVE published
April 7, 2026 Record updated