Home

Description

A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.

PUBLISHED Reserved 2025-04-15 | Published 2025-06-20 | Updated 2026-04-07 | Assigner VulnCheck




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
unaffected

BLD201113005214 (custom)
affected

BLD201106163745 (custom)
affected

BLD200304170901 (custom)
affected

BLD200304170514 (custom)
affected

BLD200303143345 (custom)
affected

BLD191118145435 (custom)
affected

BLD191021180140 (custom)
affected

CPS 4.013(201105) (custom)
affected

CPS 3.100(200225) (custom)
affected

CPS 3.005(191206) (custom)
affected

CPS 3.005(191112) (custom)
affected

Credits

Gjoko Krstic finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5616.php third-party-advisory exploit

packetstorm.news/files/id/161057 third-party-advisory exploit

cxsecurity.com/issue/WLB-2021010165 third-party-advisory exploit

www.exploit-db.com/exploits/49456 third-party-advisory exploit

www.selea.com product

vulncheck.com/...sories/selea-targa-ip-camera-path-traversal third-party-advisory

cve.org (CVE-2025-34022)

nvd.nist.gov (CVE-2025-34022)

Download JSON