CVE-2025-34022: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Selea Targa IP OCR-ANPR Camera
A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
AI Analysis
Technical Summary
CVE-2025-34022 is a critical security vulnerability classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), commonly known as a path traversal flaw. It affects multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The vulnerability resides in the /common/get_file.php script used on the 'Download Archive in Storage' page, which fails to properly sanitize and validate user-supplied input to the 'file' parameter. This improper validation allows unauthenticated remote attackers to traverse directories and read arbitrary files on the device filesystem. Sensitive files potentially exposed include system configuration files and files containing cleartext credentials. This exposure can lead to authentication bypass, enabling attackers to gain unauthorized access to the device and potentially pivot to other network assets. The vulnerability affects multiple firmware versions, spanning from builds dated 2019 to 2020 and CPS versions 3.x and 4.x. The CVSS 4.0 base score is 9.3, reflecting a critical severity due to the vulnerability's network attack vector, no required privileges or user interaction, and high impact on confidentiality and system control. Evidence of exploitation was observed by the Shadowserver Foundation in October 2025, indicating active attempts to leverage this flaw in the wild. No official patches or firmware updates are currently referenced, increasing the urgency for mitigation. The affected devices are commonly deployed in traffic monitoring and security surveillance, making the impact of compromise significant for operational continuity and data privacy.
Potential Impact
For European organizations, this vulnerability poses a severe risk to the confidentiality and integrity of surveillance and traffic monitoring systems. Exploitation can lead to unauthorized disclosure of sensitive information, including credentials that could allow attackers to bypass authentication and gain persistent access to the devices. This could result in manipulation or disruption of traffic enforcement operations, loss of critical surveillance data, and potential lateral movement into broader network environments. Given the critical infrastructure role these cameras often play, successful exploitation could undermine public safety and law enforcement effectiveness. Additionally, exposure of sensitive data may lead to regulatory non-compliance under GDPR, resulting in legal and financial repercussions. The lack of authentication and user interaction requirements lowers the barrier for attackers, increasing the likelihood of widespread exploitation, especially in environments where these devices are accessible from untrusted networks or poorly segmented internal networks.
Mitigation Recommendations
1. Immediately isolate affected Selea Targa IP OCR-ANPR cameras from public and untrusted networks by implementing strict network segmentation and firewall rules limiting access to management interfaces.
2. Disable remote access features unless absolutely necessary, and if required, restrict access via VPN or secure tunnels with strong authentication.
3. Monitor network traffic and device logs for unusual file access patterns or requests to /common/get_file.php with suspicious parameters.
4. Employ intrusion detection/prevention systems (IDS/IPS) tuned to detect path traversal attempts targeting these devices.
5. Regularly audit device firmware versions and configurations to identify and inventory vulnerable devices.
6. Engage with Selea or authorized vendors to obtain security patches or firmware updates addressing this vulnerability as soon as they become available.
7. If patching is not immediately possible, consider deploying compensating controls such as application-layer gateways or reverse proxies that validate and sanitize requests to vulnerable endpoints.
8. Educate operational technology (OT) and security teams about this vulnerability to ensure rapid detection and response to potential exploitation attempts.
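The log check from recommendations 3, 4 and 7, as an added example that is not part of the original advisory or any Selea code. It assumes access logs in combined log format from a proxy in front of the camera, and that a legitimate file value is a bare file name; the sample lines, addresses and file names are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/common/get_file.php"  # script named in the advisory
PARAM = "file"                     # parameter named in the advisory
# Client address and request target from a combined-log-format line (assumed format).
REQ_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /common/get_file.php?file=archive_0001.zip HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /common/get_file.php?file=../../../placeholder.conf HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2025:10:00:06 +0000] "GET /common/get_file.php?file=%252e%252e%252fplaceholder.conf HTTP/1.1" 200 312',
    '198.51.100.8 - - [01/Jan/2025:10:00:09 +0000] "GET /common/get_file.php?file=/placeholder/abs.txt HTTP/1.1" 200 88',
    '192.0.2.10 - - [01/Jan/2025:10:00:12 +0000] "GET /index.php?file=../x HTTP/1.1" 404 0',
]

def fully_decode(value, rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_reason(value):
    """Return why a 'file' value is not a bare file name, or None if it is."""
    v = fully_decode(value).replace("\\", "/")  # treat backslash as a separator
    if v.startswith("/"):
        return "absolute path"
    if ".." in v.split("/"):
        return "parent-directory segment"
    return None

def scan(lines):
    """Return (client, reason) for each suspicious request to ENDPOINT."""
    findings = []
    for m in filter(None, map(REQ_RE.match, lines)):  # skip unparsable lines
        client, target = m.groups()
        parts = urlsplit(target)
        if not fully_decode(parts.path).endswith(ENDPOINT):
            continue
        for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
            if (reason := traversal_reason(value)):
                findings.append((client, reason))
    return findings
```

Calling scan() on the lines of a real log yields one finding per flagged request; the same traversal_reason() test can serve as the reject rule in a reverse proxy placed in front of the device.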
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-04-15T19:15:22.545Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68568e82aded773421b5a855
Added to database: 6/21/2025, 10:50:42 AM
Last enriched: 11/20/2025, 4:31:50 PM
Last updated: 11/21/2025, 2:00:15 AM