- Description
- A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information.
- Source
- disclosure@vulncheck.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- disclosure@vulncheck.com
- CWE-22
- Hype score
- Not currently trending
Selea社のIPカメラTARGAシリーズにおける重大(Critical)な未修正の脆弱性について。CVE-2025-34022はCVSSスコア9.3で、iZero, Targa 512, Targa 504, Targa Semplice等に影響。ディレクトリトラバーサルで平文認証情報を含むカメラ
@__kokumoto
22 Jun 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Selea製ANPRカメラ「TARGA」シリーズに重大なパストラバーサル脆弱性(CVE-2025-34022)が発見された。 この脆弱性は、iZeroやTarga 512など複数モデルに影響し、/common/get_file.php内の入力検証の不備により、攻撃者が認
@yousukezan
22 Jun 2025
577 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🔓 Critical vulns in Selea Targa IP cameras (📸) 🗂️ CVE-2025-34022: Path traversal → file access 🌐 CVE-2025-34021: SSRF → internal network scans Models like iZero, Targa 805, 704 ILB affected. Read more: https://t.co/5cnKlmqCkf #infosec #CVE #cybersecurity https:
@threatsbank
21 Jun 2025
572 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-34022: CRITICAL] Multiple models of Selea Targa IP OCR-ANPR cameras are vulnerable to a path traversal flaw, allowing attackers to read sensitive files and potentially bypass authentication.#cve,CVE-2025-34022,#cybersecurity https://t.co/f8kJTjQodr https://t.co/iETOhaRz
@CveFindCom
20 Jun 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes