CVE-2025-34022

Description

A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information.

Reserved 2025-04-15 | Published 2025-06-20 | Updated 2025-06-20 | Assigner VulnCheck

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
unaffected

BLD201113005214
affected

BLD201106163745
affected

BLD200304170901
affected

BLD200304170514
affected

BLD200303143345
affected

BLD191118145435
affected

BLD191021180140
affected

CPS 4.013(201105)
affected

CPS 3.100(200225)
affected

CPS 3.005(191206)
affected

CPS 3.005(191112)
affected

Credits

Gjoko Krstic finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5616.php third-party-advisory exploit

packetstorm.news/files/id/161057 third-party-advisory exploit

cxsecurity.com/issue/WLB-2021010165 third-party-advisory exploit

www.exploit-db.com/exploits/49456 third-party-advisory exploit

www.selea.com product

vulncheck.com/...sories/selea-targa-ip-camera-path-traversal third-party-advisory

cve.org (CVE-2025-34022)

nvd.nist.gov (CVE-2025-34022)

Download JSON