
CVE-2025-34021: CWE-918 Server-Side Request Forgery (SSRF) in Selea Targa IP OCR-ANPR Camera

High
Published: Fri Jun 20 2025 (06/20/2025, 18:37:00 UTC)
Source: CVE Database V5
Vendor/Project: Selea
Product: Targa IP OCR-ANPR Camera

Description

A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration.

AI-Powered Analysis

Last updated: 06/21/2025, 11:21:01 UTC

Technical Analysis

CVE-2025-34021 is a high-severity server-side request forgery (SSRF) vulnerability affecting multiple models of Selea Targa IP OCR-ANPR cameras: iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750 and Targa 704 ILB. The flaw is insufficient validation of user-supplied values in JSON POST parameters such as 'ipnotify_address' and 'url', which the camera firmware passes to its own image-fetch and DNS-lookup routines. Because those values are neither sanitised nor checked against an allowlist of permitted destinations, an unauthenticated remote attacker can make the camera issue HTTP requests to hosts of the attacker's choosing, internal or external.

The request originates from the camera, so it carries the camera's network position: firewall rules that trust the camera's subnet are bypassed, and services reachable only from inside the network can be enumerated or contacted. Since the device also resolves the supplied hostname, a lookup of an attacker-controlled name is observable out of band, which lets an attacker confirm the flaw without ever seeing the HTTP response.

The vulnerability affects multiple firmware versions, including builds from 2019 through 2020 and CPS versions 3.x and 4.x. The CVSS 4.0 base score is 7.8 (High): attack vector network, no privileges and no user interaction required. No exploitation in the wild has been reported and no patch has been linked at the time of writing. The underlying weaknesses are CWE-918 (SSRF) and CWE-20 (Improper Input Validation). In practice an attacker can use the flaw to pivot into the network behind the camera, with consequences for the confidentiality and integrity of internal systems and, if critical internal services are targeted, for availability.
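The advisory describes the vulnerable pattern (a JSON value handed straight to the fetch and lookup routines) but not what a fix looks like. The following Python is an added example, not Selea's code or firmware, of how such a parameter should be checked before the device contacts anything: an allowlist of hosts, an explicit scheme check, resolution of the name with every answer tested against non-public ranges, and a pinned address returned so the resolved IP cannot change between check and use (DNS rebinding). The allowlist entries, the 'vulnerable_target' function that mirrors the advisory's description, and the resolver injected for offline testing are all assumptions made for the example.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Assumed (hypothetical) allowlist: the only hosts this device should ever fetch
# images from or send IP notifications to. A real device would take it from its
# configuration rather than hard-code it.
ALLOWED_HOSTS = {"anpr-collector.example.net", "images.example.net"}
ALLOWED_SCHEMES = {"http", "https"}


class SSRFBlocked(ValueError):
    """Raised when a user-supplied target must not be contacted server-side."""


def is_public_ip(ip_str: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(ip_str)
    # IPv4-mapped IPv6 (::ffff:10.0.0.5) is judged by the embedded IPv4 address.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global already excludes RFC 1918, CGNAT, loopback and documentation ranges;
    # the explicit flags keep the result stable across Python versions.
    return ip.is_global and not (ip.is_private or ip.is_loopback or ip.is_link_local
                                 or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def system_resolver(host: str) -> list:
    """Every address the OS resolver would hand to connect(), as strings."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def vulnerable_target(params: dict) -> str:
    """The pattern the advisory describes: the JSON value is handed straight to the
    fetch routine, so 'http://127.0.0.1/' or 'http://10.0.0.5/' is simply obeyed."""
    return params["url"]


def check_host(host, resolver=system_resolver) -> str:
    """Allowlist the name, resolve it, test every answer, and return one pinned
    address. The caller must connect to that address (sending the Host header
    itself) so the DNS answer cannot change between this check and the connect."""
    if not host:
        raise SSRFBlocked("missing host")
    # Only allowlisted names get this far, so IP literals of any spelling
    # (127.0.0.1, [::1], decimal or hex forms) are rejected here.
    if host not in ALLOWED_HOSTS:
        raise SSRFBlocked(f"host not in allowlist: {host!r}")
    addresses = resolver(host)
    if not addresses:
        raise SSRFBlocked(f"{host!r} did not resolve")
    for addr in addresses:
        if not is_public_ip(addr):
            raise SSRFBlocked(f"{host!r} resolves to non-public address {addr}")
    return addresses[0]


def validate_outbound_url(url: str, resolver=system_resolver):
    """Check a 'url'-style parameter. Returns (url, pinned_ip) or raises SSRFBlocked."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise SSRFBlocked(f"scheme not allowed: {parsed.scheme!r}")
    if parsed.username or parsed.password:
        raise SSRFBlocked("credentials in URL are not allowed")
    return url, check_host(parsed.hostname, resolver)


def validate_notify_host(value: str, resolver=system_resolver):
    """Check an 'ipnotify_address'-style parameter given as host or host:port.
    Returns (host, port, pinned_ip) or raises SSRFBlocked."""
    host, sep, port_text = value.rpartition(":")
    if sep and port_text.isdigit():
        port = int(port_text)
    else:
        host, port = value, 80
    if not 0 < port < 65536:
        raise SSRFBlocked(f"invalid port {port}")
    return host, port, check_host(host, resolver)


def is_blocked(func, *args, **kwargs) -> bool:
    """True if the validator rejects the target; handy for tests and call sites."""
    try:
        func(*args, **kwargs)
    except SSRFBlocked:
        return True
    return False
```

The allowlist is the primary control; the resolve-and-check step exists because an allowlisted name can still point at an internal address (an attacker-controlled zone, a stale CNAME, or a rebinding answer), and the pinned address closes the check-to-use window that a plain "resolve, check, then let the HTTP client resolve again" sequence leaves open.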

Potential Impact

For European organizations deploying Selea Targa IP OCR-ANPR cameras, this SSRF vulnerability poses significant risk. These cameras are typically installed for traffic monitoring, law enforcement, toll collection and urban surveillance, often on networks that also carry operational technology. Exploitation lets an attacker reach past the perimeter from the camera's position: unauthorised access to internal services, enumeration of internal hosts and ports, and a foothold for lateral movement, which in turn can enable data theft, disruption of OT systems, ransomware or espionage.

Because the vulnerable parameters require neither authentication nor user interaction, exploitation can be automated and launched remotely against any camera whose web interface is reachable, and the same primitive can be used to map internal network topology ahead of a more targeted intrusion. Given the role of these devices in public safety and transportation, a successful attack would mean both operational disruption and loss of public trust.

Mitigation Recommendations

- Do not expose the cameras' web interface to the internet or to untrusted network segments; the vulnerable endpoints require no authentication, so reachability is the whole exposure. Place the cameras in their own segment, isolated from critical internal systems, so that requests the camera is tricked into making cannot reach them.
- Apply strict egress filtering on the camera segment: allow outbound HTTP(S) and DNS from the cameras only to the hosts they actually need (for example the ANPR collector) and deny everything else, in particular traffic to internal address ranges. With SSRF the camera is the client, so egress rules on its segment, not ingress rules elsewhere, are what stop the attack.
- Monitor the cameras' outbound connections and DNS queries. A camera connecting to several internal hosts, or resolving names outside its expected domains, is a strong indicator of SSRF probing.
- If the deployment allows it, disable or restrict the features that consume the vulnerable 'ipnotify_address' and 'url' parameters until a vendor fix is available; check first that nothing depends on IP notification.
- Request fixed firmware from Selea and deploy it promptly once available.
- Where a WAF or IDS/IPS sits in front of the cameras, add rules for the affected parameters carrying internal, loopback or link-local addresses or non-HTTP schemes. Treat this as a stopgap, since the device itself still performs no validation.
- Inventory all deployed Selea Targa models and firmware versions against the affected list to identify exposed devices.
- If the cameras must reach external services, route that traffic through a forward proxy that enforces a destination allowlist, so the proxy performs the validation the firmware lacks.
- Make sure security teams understand SSRF and that incident response plans cover a compromised IoT/OT device being used as a pivot.
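To make the monitoring recommendation concrete, here is an added Python example, not tooling from the page or the vendor, that applies the checks a detection engineer would write for this case to a constructed log: flows from a camera to an internal host, flows to an unexpected external host, DNS queries from a camera for names outside its expected domains, and a sweep rule that fires when one camera touches several internal hosts in the window. The log format, camera addresses, collector address and threshold are all constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed inventory (assumptions): the cameras' addresses and the one
# destination they legitimately contact (the ANPR collector on 443).
CAMERA_IPS = {"192.0.2.50", "192.0.2.51"}
EXPECTED_DESTINATIONS = {("198.0.2.10", 443)}
EXPECTED_DNS_SUFFIXES = ("example.net",)
SWEEP_THRESHOLD = 3  # distinct internal hosts from one camera before we call it a sweep

# Constructed log format: one flow record or one DNS query per line.
FLOW_RE = re.compile(r"^(?P<ts>\S+) type=flow src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
DNS_RE = re.compile(r"^(?P<ts>\S+) type=dns src=(?P<src>\S+) qname=(?P<qname>\S+)")

# Constructed sample: camera .50 behaves normally, camera .51 is being used to
# probe the internal network and to resolve an attacker-controlled name.
SAMPLE_LOG = """\
2025-06-21T10:00:01Z type=flow src=192.0.2.50 dst=198.0.2.10 dport=443
2025-06-21T10:00:02Z type=dns src=192.0.2.50 qname=anpr-collector.example.net.
2025-06-21T10:01:10Z type=dns src=192.0.2.51 qname=abcd1234.oob.attacker.example.
2025-06-21T10:01:11Z type=flow src=192.0.2.51 dst=10.20.0.5 dport=80
2025-06-21T10:01:12Z type=flow src=192.0.2.51 dst=10.20.0.6 dport=80
2025-06-21T10:01:13Z type=flow src=192.0.2.51 dst=10.20.0.7 dport=8080
2025-06-21T10:01:14Z type=flow src=192.0.2.51 dst=169.254.169.254 dport=80
2025-06-21T10:02:00Z type=flow src=10.20.0.9 dst=10.20.0.5 dport=445
"""


def is_internal(ip_str: str) -> bool:
    """Internal = anything not globally routable (RFC 1918, loopback, link-local, ...)."""
    ip = ipaddress.ip_address(ip_str)
    return not ip.is_global or ip.is_private


def analyse(log_text: str) -> list:
    """Return one alert dict per suspicious event, plus a sweep alert per camera
    that contacted SWEEP_THRESHOLD or more distinct internal hosts."""
    alerts = []
    internal_targets = defaultdict(set)
    for line in log_text.splitlines():
        m = FLOW_RE.match(line)
        if m:
            src, dst, port = m["src"], m["dst"], int(m["dport"])
            # Only camera-originated flows matter, and the collector is expected.
            if src not in CAMERA_IPS or (dst, port) in EXPECTED_DESTINATIONS:
                continue
            if is_internal(dst):
                rule = "camera-to-internal-host"
                internal_targets[src].add(dst)
            else:
                rule = "camera-to-unexpected-external"
            alerts.append({"ts": m["ts"], "rule": rule, "src": src, "dst": f"{dst}:{port}"})
            continue
        m = DNS_RE.match(line)
        if m and m["src"] in CAMERA_IPS:
            # The SSRF also drives a DNS lookup, so an out-of-band confirmation
            # shows up as a query for a name the camera has no reason to resolve.
            qname = m["qname"].rstrip(".")
            if not qname.endswith(EXPECTED_DNS_SUFFIXES):
                alerts.append({"ts": m["ts"], "rule": "camera-unexpected-dns",
                               "src": m["src"], "dst": qname})
    for src, targets in internal_targets.items():
        if len(targets) >= SWEEP_THRESHOLD:
            alerts.append({"ts": None, "rule": "camera-internal-sweep",
                           "src": src, "dst": ",".join(sorted(targets))})
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

The per-flow rules are noisy on their own (a single unexpected connection may be a misconfiguration), which is why the sweep rule aggregates by source: one camera touching many internal hosts within a short window is the shape of SSRF-driven enumeration, and the unexpected DNS query is the cheapest early signal because it appears before any HTTP connection is attempted.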


Technical Details

Data Version: 5.1
Assigner Short Name: VulnCheck
Date Reserved: 2025-04-15T19:15:22.545Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68568e82aded773421b5a84d

Added to database: 6/21/2025, 10:50:42 AM

Last enriched: 6/21/2025, 11:21:01 AM

Last updated: 8/12/2025, 5:13:41 PM
