Skip to main content

CVE-2025-34022: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Selea Targa IP OCR-ANPR Camera

Critical
VulnerabilityCVE-2025-34022cvecve-2025-34022cwe-22
Published: Fri Jun 20 2025 (06/20/2025, 18:37:23 UTC)
Source: CVE Database V5
Vendor/Project: Selea
Product: Targa IP OCR-ANPR Camera

Description

A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information.

AI-Powered Analysis

AILast updated: 06/21/2025, 11:07:22 UTC

Technical Analysis

CVE-2025-34022 is a critical path traversal vulnerability (CWE-22) affecting multiple models of Selea's Targa IP OCR-ANPR cameras, including iZero, Targa 512, 504, Semplice, 704 TKM, 805, 710 INOX, 750, and 704 ILB. The vulnerability resides in the /common/get_file.php script used on the "Download Archive in Storage" page. This script fails to properly sanitize and validate the user-supplied 'file' parameter, allowing unauthenticated remote attackers to perform directory traversal attacks. By exploiting this flaw, attackers can access arbitrary files on the device's filesystem, including sensitive system files that may contain cleartext credentials and other critical system information. This can lead to authentication bypass, unauthorized access, and potential full compromise of the device. The vulnerability affects multiple firmware versions ranging from builds dated as early as 2019 to 2020 and CPS versions 3.x and 4.x. The CVSS 4.0 base score is 9.3 (critical), reflecting the high impact and ease of exploitation without requiring authentication or user interaction. The vulnerability compromises confidentiality and integrity severely, with potential cascading effects on availability if attackers leverage the information to disrupt device operation or pivot into the network. No patches or exploits in the wild are currently reported, but the criticality and nature of the vulnerability make it a high-priority risk for organizations using these devices.

Potential Impact

For European organizations, the impact of this vulnerability is significant, especially for those deploying Selea Targa IP OCR-ANPR cameras in critical infrastructure, law enforcement, transportation, and smart city environments. These cameras are often used for automated license plate recognition and vehicle monitoring, making them integral to security and operational workflows. Exploitation could lead to unauthorized disclosure of sensitive data, including credentials that protect the device and potentially connected systems. This could enable attackers to bypass authentication controls, manipulate camera data, disrupt surveillance operations, or gain a foothold within the network. The compromise of such devices could undermine public safety, law enforcement investigations, and traffic management systems. Additionally, the exposure of system files might facilitate further attacks, such as firmware tampering or lateral movement within organizational networks. Given the criticality and unauthenticated nature of the exploit, the threat poses a high risk to confidentiality, integrity, and availability of affected systems and associated services.

Mitigation Recommendations

1. Immediate mitigation should focus on network-level controls: restrict access to the camera management interfaces to trusted internal networks only, using firewalls or VLAN segmentation to prevent exposure to untrusted networks or the internet. 2. Implement strict access control lists (ACLs) on network devices to limit which hosts can communicate with the cameras, ideally allowing only authorized management stations. 3. Monitor network traffic for unusual requests targeting the /common/get_file.php endpoint or attempts to use directory traversal patterns (e.g., '../') in HTTP parameters. 4. Where possible, disable or restrict the 'Download Archive in Storage' functionality if not essential for operations. 5. Engage with Selea for firmware updates or patches addressing this vulnerability; if unavailable, consider temporary device replacement or compensating controls. 6. Conduct regular audits of device configurations and logs to detect any signs of exploitation or unauthorized access. 7. Employ network intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics to detect path traversal attempts targeting these devices. 8. Educate operational technology (OT) and security teams about this vulnerability to ensure rapid response and remediation planning. 9. Consider isolating the cameras on dedicated networks with no direct internet access to minimize exposure.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
VulnCheck
Date Reserved
2025-04-15T19:15:22.545Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68568e82aded773421b5a855

Added to database: 6/21/2025, 10:50:42 AM

Last enriched: 6/21/2025, 11:07:22 AM

Last updated: 8/17/2025, 12:26:16 AM

Views: 21

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats