CVE-2025-34022: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Selea Targa IP OCR-ANPR Camera
A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
AI Analysis
Technical Summary
CVE-2025-34022 is a critical security vulnerability classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, commonly known as path traversal) affecting multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The flaw resides in the /common/get_file.php script used in the 'Download Archive in Storage' functionality, where the file parameter is not properly sanitized or validated. This allows unauthenticated remote attackers to craft requests that traverse directories and access arbitrary files on the device's filesystem. Critical system files, including those containing cleartext credentials, can be read, which may lead to authentication bypass and disclosure of sensitive system information. The vulnerability is exploitable over the network without any authentication or user interaction, making it highly accessible to attackers. The CVSS 4.0 base score is 9.3, reflecting the critical nature of the flaw with high impact on confidentiality and system integrity, and a wide scope of affected devices due to multiple vulnerable firmware versions. Evidence of exploitation was observed by the Shadowserver Foundation on February 2, 2025, indicating active interest or attacks in the wild. No official patches have been linked yet, increasing urgency for mitigation. The affected firmware versions span multiple releases from late 2019 through 2020 and 2021, suggesting a long window of exposure. Given the role of these cameras in automatic number plate recognition (ANPR) systems, the vulnerability poses a significant risk to surveillance and traffic monitoring infrastructures.
Potential Impact
For European organizations, especially those in law enforcement, transportation, and critical infrastructure sectors relying on Selea Targa IP OCR-ANPR cameras, this vulnerability presents a severe risk. Exploitation can lead to unauthorized disclosure of sensitive data, including credentials that could allow attackers to gain persistent access or control over the camera devices. This compromises the integrity and availability of surveillance data, potentially disrupting traffic monitoring and law enforcement operations. The exposure of system information may facilitate further attacks on the network or connected systems. Given the criticality of ANPR systems in public safety and urban management, exploitation could undermine trust and operational effectiveness. Additionally, attackers could leverage compromised devices as pivot points for lateral movement within organizational networks. The unauthenticated nature of the exploit increases the likelihood of attacks from external threat actors, including cybercriminals or state-sponsored groups targeting European infrastructure. The potential for widespread impact is heightened by the multiple affected firmware versions and the absence of available patches at the time of disclosure.
Mitigation Recommendations
- Immediate mitigation should focus on network-level protections such as isolating the affected cameras from untrusted networks and restricting access to the /common/get_file.php endpoint via firewall rules or web application firewalls (WAFs).
- Organizations should conduct an inventory of all Selea Targa IP OCR-ANPR camera models and firmware versions in use to identify vulnerable devices.
- Until official patches are released, disabling or limiting the 'Download Archive in Storage' functionality may reduce exposure.
- Monitoring network traffic for suspicious requests targeting the vulnerable script can help detect exploitation attempts.
- Implementing strong network segmentation to separate camera devices from critical IT infrastructure will limit potential lateral movement.
- Organizations should also enforce strict credential management and consider rotating any exposed credentials immediately.
- Once Selea releases firmware updates addressing CVE-2025-34022, prompt application of these patches is essential.
- Security teams should review and enhance logging and alerting mechanisms on camera management interfaces to detect anomalous access patterns.
- Collaboration with vendors and sharing threat intelligence within industry groups can improve situational awareness and response.
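The monitoring recommendation above, as an added example that is not part of the original advisory or of any vendor code: a Python filter for reverse-proxy or web access logs that decodes the file parameter of /common/get_file.php and flags values that leave the archive directory. The combined log format, the sample lines and the assumption that legitimate values are plain relative file names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/common/get_file.php"  # script named in the advisory
# Assumed log format: Apache/nginx "combined"; adjust the regex for other sources.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2025:10:00:01 +0000] "GET /common/get_file.php?file=archive_20250201.zip HTTP/1.1" 200 10432',
    '198.51.100.7 - - [01/Mar/2025:10:00:05 +0000] "GET /common/get_file.php?file=../../../../etc/passwd HTTP/1.1" 200 1201',
    '198.51.100.7 - - [01/Mar/2025:10:00:06 +0000] "GET /common/get_file.php?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1201',
    '203.0.113.4 - - [01/Mar/2025:10:00:09 +0000] "GET /common/get_file.php?file=/etc/passwd HTTP/1.1" 403 0',
    '203.0.113.4 - - [01/Mar/2025:10:00:11 +0000] "GET /index.php?file=../x HTTP/1.1" 404 0',
]

def fully_decode(value, max_rounds=3):
    """Undo layered percent-encoding (e.g. %252e) so it cannot hide '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(file_value):
    """Return why a file value leaves the archive directory, or None if it does not."""
    path = fully_decode(file_value).replace("\\", "/")
    if ".." in path.split("/"):
        return "parent-directory segment"
    if path.startswith("/"):
        return "absolute path"
    return None  # assumption: legitimate values are plain relative names

def flag_get_file_requests(log_lines):
    """Return (source, status, reason) for each suspicious request to ENDPOINT."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m or unquote(urlsplit(m["target"]).path) != ENDPOINT:
            continue
        for key, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
            reason = classify(value) if key == "file" else None
            if reason:
                hits.append((m["src"], m["status"], reason))
    return hits

if __name__ == "__main__":
    print(*flag_get_file_requests(SAMPLE_LOG), sep="\n")
```

A flagged request that was answered with status 200 deserves priority, since the file was probably served; treat credentials stored on that device as exposed and rotate them.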
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-04-15T19:15:22.545Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68568e82aded773421b5a855
Added to database: 6/21/2025, 10:50:42 AM
Last enriched: 11/27/2025, 4:37:54 PM
Last updated: 1/7/2026, 4:24:13 AM