CVE-2025-34021 is a high-severity server-side request forgery (SSRF) vulnerability affecting multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The vulnerability arises due to insufficient validation of user-supplied input in JSON POST parameters such as 'ipnotify_address' and 'url'. These parameters are used internally by the camera's software to perform image fetching and DNS lookups. Because the input is not properly sanitized or validated, an unauthenticated remote attacker can craft malicious requests that cause the camera to initiate arbitrary HTTP requests to internal or external network resources. This can lead to bypassing firewall restrictions and enable attackers to perform internal network reconnaissance or access otherwise inaccessible services. The vulnerability affects multiple firmware versions, including builds from 2019 through 2020 and CPS versions 3.x and 4.x. The CVSS 4.0 score is 7.8, indicating a high severity, with an attack vector of network, no required privileges or user interaction, and a high scope impact. No known exploits are currently reported in the wild, and no patches have been linked yet. The underlying weakness corresponds to CWE-918 (SSRF) and CWE-20 (Improper Input Validation). Given the nature of the vulnerability, attackers can leverage it to pivot into internal networks, potentially compromising confidentiality and integrity of internal systems or disrupting availability by targeting critical internal services or infrastructure components.

For European organizations deploying Selea Targa IP OCR-ANPR cameras, this SSRF vulnerability poses significant risks. These cameras are often used in critical infrastructure environments such as traffic monitoring, law enforcement, toll collection, and urban surveillance. Exploitation could allow attackers to bypass perimeter defenses and access internal networks, leading to unauthorized data access, internal service enumeration, and possibly lateral movement within the network. This could compromise sensitive data, disrupt operational technology systems, or facilitate further attacks such as ransomware or espionage. The ability to induce arbitrary HTTP requests without authentication increases the attack surface and lowers the barrier to exploitation. Given the strategic use of these cameras in public safety and transportation sectors, successful exploitation could undermine public trust and cause operational disruptions. Additionally, the vulnerability could be leveraged to map internal network topologies, aiding attackers in planning more sophisticated intrusions. The lack of user interaction and authentication requirements means attacks can be automated and launched remotely, increasing the threat level for European entities relying on these devices.

Implement network segmentation to isolate Selea Targa IP OCR-ANPR cameras from critical internal systems, limiting the impact of any SSRF exploitation. Deploy strict egress filtering and firewall rules to restrict outbound HTTP requests from the cameras to only trusted and necessary endpoints, preventing arbitrary external requests. Monitor network traffic from these cameras for unusual or unexpected outbound connections, particularly to internal IP ranges or suspicious external domains. If possible, disable or restrict the functionality that uses the vulnerable JSON POST parameters ('ipnotify_address' and 'url') until a vendor patch is available. Engage with Selea to obtain firmware updates or patches addressing this vulnerability; prioritize timely deployment once available. Use web application firewalls (WAFs) or intrusion detection/prevention systems (IDS/IPS) with SSRF detection capabilities to identify and block exploitation attempts. Conduct internal audits of all deployed Selea Targa IP OCR-ANPR camera models and firmware versions to identify affected devices and assess exposure. Implement strict input validation proxies or gateways if the cameras must interact with external services, to sanitize or block malicious requests. Educate security teams about SSRF risks and ensure incident response plans include scenarios involving IoT device exploitation.