CVE-2021-47730 - Vulnerability Details

Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user visits the page.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00111.

Exploitation poc

Automatable yes

Technical Impact total

Vendors	Products
Selea Subscribe	Carplateserver Subscribe Izero Box Full Subscribe Izero Box Full Firmware Subscribe Izero Column Entry\/8 Subscribe Izero Column Entry\/8 Firmware Subscribe Izero Column Full\/8 Subscribe Izero Column Full\/8 Firmware Subscribe Targa 504 Subscribe Targa 504 Firmware Subscribe Targa 512 Subscribe Targa 512 Firmware Subscribe Targa 704 Ilb Subscribe Targa 704 Ilb Firmware Subscribe Targa 704 Tkm Subscribe Targa 704 Tkm Firmware Subscribe Targa 710 Inox Subscribe Targa 710 Inox Firmware Subscribe Targa 750 Subscribe Targa 750 Firmware Subscribe Targa 805 Subscribe Targa 805 Firmware Subscribe Targa Ip Ocr-anpr Camera Subscribe Targa Semplice Subscribe Targa Semplice Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:selea:izero_box_full_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:izero_box_full:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:selea:izero_column_entry\/8_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:izero_column_entry\/8:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:selea:izero_column_full\/8_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:izero_column_full\/8:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:selea:targa_504_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_504:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:selea:targa_512_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_512:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:selea:targa_704_ilb_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_704_ilb:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:selea:targa_704_tkm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_704_tkm:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:selea:targa_710_inox_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_710_inox:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:selea:targa_750_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_750:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:selea:targa_805_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_805:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:selea:targa_semplice_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_semplice:-:*:*:*:*:*:*:*

Configuration 12 [-]

OR	cpe:2.3:a:selea:carplateserver:3.005\(191112\):::::::*
	cpe:2.3:a:selea:carplateserver:3.005\(191206\):::::::*
	cpe:2.3:a:selea:carplateserver:3.100\(200225\):::::::*
	cpe:2.3:a:selea:carplateserver:4.013\(201105\):::::::*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Selea Subscribe	Targa Ip Ocr-anpr Camera Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/zeroscience
https://www.exploit-db.com/exploits/49458
https://www.selea.com
https://www.vulncheck.com/advisories/selea-targa-ip-camera-cross-site-request-forgery-via-admin-creation
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5618.php

History

Tue, 24 Feb 2026 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-798

Mon, 23 Feb 2026 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Selea carplateserver Selea izero Box Full Selea izero Box Full Firmware Selea izero Column Entry\/8 Selea izero Column Entry\/8 Firmware Selea izero Column Full\/8 Selea izero Column Full\/8 Firmware Selea targa 504 Selea targa 504 Firmware Selea targa 512 Selea targa 512 Firmware Selea targa 704 Ilb Selea targa 704 Ilb Firmware Selea targa 704 Tkm Selea targa 704 Tkm Firmware Selea targa 710 Inox Selea targa 710 Inox Firmware Selea targa 750 Selea targa 750 Firmware Selea targa 805 Selea targa 805 Firmware Selea targa Semplice Selea targa Semplice Firmware
Weaknesses		CWE-352
CPEs		cpe:2.3:a:selea:carplateserver:3.005\(191112\):::::::* cpe:2.3:a:selea:carplateserver:3.005\(191206\):::::::* cpe:2.3:a:selea:carplateserver:3.100\(200225\):::::::* cpe:2.3:a:selea:carplateserver:4.013\(201105\):::::::* cpe:2.3:h:selea:izero_box_full:-:::::::* cpe:2.3:h:selea:izero_column_entry\/8:-:::::::* cpe:2.3:h:selea:izero_column_full\/8:-:::::::* cpe:2.3:h:selea:targa_504:-:::::::* cpe:2.3:h:selea:targa_512:-:::::::* cpe:2.3:h:selea:targa_704_ilb:-:::::::* cpe:2.3:h:selea:targa_704_tkm:-:::::::* cpe:2.3:h:selea:targa_710_inox:-:::::::* cpe:2.3:h:selea:targa_750:-:::::::* cpe:2.3:h:selea:targa_805:-:::::::* cpe:2.3:h:selea:targa_semplice:-:::::::* cpe:2.3:o:selea:izero_box_full_firmware:-:::::::* cpe:2.3:o:selea:izero_column_entry\/8_firmware:-:::::::* cpe:2.3:o:selea:izero_column_full\/8_firmware:-:::::::* cpe:2.3:o:selea:targa_504_firmware:-:::::::* cpe:2.3:o:selea:targa_512_firmware:-:::::::* cpe:2.3:o:selea:targa_704_ilb_firmware:-:::::::* cpe:2.3:o:selea:targa_704_tkm_firmware:-:::::::* cpe:2.3:o:selea:targa_710_inox_firmware:-:::::::* cpe:2.3:o:selea:targa_750_firmware:-:::::::* cpe:2.3:o:selea:targa_805_firmware:-:::::::* cpe:2.3:o:selea:targa_semplice_firmware:-:::::::*
Vendors & Products		Selea carplateserver Selea izero Box Full Selea izero Box Full Firmware Selea izero Column Entry\/8 Selea izero Column Entry\/8 Firmware Selea izero Column Full\/8 Selea izero Column Full\/8 Firmware Selea targa 504 Selea targa 504 Firmware Selea targa 512 Selea targa 512 Firmware Selea targa 704 Ilb Selea targa 704 Ilb Firmware Selea targa 704 Tkm Selea targa 704 Tkm Firmware Selea targa 710 Inox Selea targa 710 Inox Firmware Selea targa 750 Selea targa 750 Firmware Selea targa 805 Selea targa 805 Firmware Selea targa Semplice Selea targa Semplice Firmware
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

Wed, 10 Dec 2025 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Selea Selea targa Ip Ocr-anpr Camera
Vendors & Products		Selea Selea targa Ip Ocr-anpr Camera

Tue, 09 Dec 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 09 Dec 2025 21:00:00 +0000

Type	Values Removed	Values Added
Description		Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user visits the page.
Title		Selea Targa IP Camera Cross-Site Request Forgery via Admin Creation
Weaknesses		CWE-798
References		https://github.com/zeroscience https://www.exploit-db.com/exploits/49458 https://www.selea.com https://www.vulncheck.com/advisories/selea-targa-ip-camera-cross-site-request-forgery-via-admin-creation https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5618.php
Metrics		cvssV4_0 `{'score': 8.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-12-09T20:46:29.807Z

Updated: 2026-02-24T13:59:07.779Z

Reserved: 2025-12-07T20:10:09.804Z

Link: CVE-2021-47730

Vulnrichment

Updated: 2025-12-09T21:07:07.032Z

NVD

Status : Modified

Published: 2025-12-09T21:15:51.550

Modified: 2026-02-24T15:21:34.053

Link: CVE-2021-47730

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-12-10T21:33:29Z

Weaknesses

CWE-352

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation poc

Automatable yes

Technical Impact total

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object