CVE-2025-34022 is a critical path traversal vulnerability (CWE-22) affecting multiple models of Selea's Targa IP OCR-ANPR cameras, including iZero, Targa 512, 504, Semplice, 704 TKM, 805, 710 INOX, 750, and 704 ILB. The vulnerability resides in the /common/get_file.php script used on the "Download Archive in Storage" page. This script fails to properly sanitize and validate the user-supplied 'file' parameter, allowing unauthenticated remote attackers to perform directory traversal attacks. By exploiting this flaw, attackers can access arbitrary files on the device's filesystem, including sensitive system files that may contain cleartext credentials and other critical system information. This can lead to authentication bypass, unauthorized access, and potential full compromise of the device. The vulnerability affects multiple firmware versions ranging from builds dated as early as 2019 to 2020 and CPS versions 3.x and 4.x. The CVSS 4.0 base score is 9.3 (critical), reflecting the high impact and ease of exploitation without requiring authentication or user interaction. The vulnerability compromises confidentiality and integrity severely, with potential cascading effects on availability if attackers leverage the information to disrupt device operation or pivot into the network. No patches or exploits in the wild are currently reported, but the criticality and nature of the vulnerability make it a high-priority risk for organizations using these devices.

For European organizations, the impact of this vulnerability is significant, especially for those deploying Selea Targa IP OCR-ANPR cameras in critical infrastructure, law enforcement, transportation, and smart city environments. These cameras are often used for automated license plate recognition and vehicle monitoring, making them integral to security and operational workflows. Exploitation could lead to unauthorized disclosure of sensitive data, including credentials that protect the device and potentially connected systems. This could enable attackers to bypass authentication controls, manipulate camera data, disrupt surveillance operations, or gain a foothold within the network. The compromise of such devices could undermine public safety, law enforcement investigations, and traffic management systems. Additionally, the exposure of system files might facilitate further attacks, such as firmware tampering or lateral movement within organizational networks. Given the criticality and unauthenticated nature of the exploit, the threat poses a high risk to confidentiality, integrity, and availability of affected systems and associated services.

1. Immediate mitigation should focus on network-level controls: restrict access to the camera management interfaces to trusted internal networks only, using firewalls or VLAN segmentation to prevent exposure to untrusted networks or the internet. 2. Implement strict access control lists (ACLs) on network devices to limit which hosts can communicate with the cameras, ideally allowing only authorized management stations. 3. Monitor network traffic for unusual requests targeting the /common/get_file.php endpoint or attempts to use directory traversal patterns (e.g., '../') in HTTP parameters. 4. Where possible, disable or restrict the 'Download Archive in Storage' functionality if not essential for operations. 5. Engage with Selea for firmware updates or patches addressing this vulnerability; if unavailable, consider temporary device replacement or compensating controls. 6. Conduct regular audits of device configurations and logs to detect any signs of exploitation or unauthorized access. 7. Employ network intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics to detect path traversal attempts targeting these devices. 8. Educate operational technology (OT) and security teams about this vulnerability to ensure rapid response and remediation planning. 9. Consider isolating the cameras on dedicated networks with no direct internet access to minimize exposure.