CVE-2025-34021

A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration.

CVSS

No CVSS.

References

Link	Resource
https://cxsecurity.com/issue/WLB-2021010170
https://packetstorm.news/files/id/161059
https://vulncheck.com/advisories/selea-targa-ip-camera-ssrf
https://www.exploit-db.com/exploits/49457
https://www.selea.com
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5617.php

Configurations

No configuration.

History

23 Jun 2025, 20:16

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de server-side request forgery (SSRF) en varios modelos de Selea Targa IP OCR-ANPR camera, como iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750 y Targa 704 ILB. La aplicación no valida la entrada del usuario en parámetros JSON POST, como ipnotify_address y url, que utilizan los mecanismos internos para obtener imágenes y realizar búsquedas DNS. Esto permite a atacantes remotos no autenticados inducir al sistema a realizar solicitudes HTTP arbitrarias a sistemas internos o externos, lo que podría eludir las políticas del firewall o realizar la enumeración interna de servicios.

20 Jun 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-20 19:15

Updated : 2025-06-23 20:16

NVD link : CVE-2025-34021

Mitre link : CVE-2025-34021

CVE.ORG link : CVE-2025-34021

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2025-34021", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-20T19:15:36.530", "references": [{"url": "https://cxsecurity.com/issue/WLB-2021010170", "source": "disclosure@vulncheck.com"}, {"url": "https://packetstorm.news/files/id/161059", "source": "disclosure@vulncheck.com"}, {"url": "https://vulncheck.com/advisories/selea-targa-ip-camera-ssrf", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/49457", "source": "disclosure@vulncheck.com"}, {"url": "https://www.selea.com", "source": "disclosure@vulncheck.com"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5617.php", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration."}, {"lang": "es", "value": "Existe una vulnerabilidad de server-side request forgery (SSRF) en varios modelos de Selea Targa IP OCR-ANPR camera, como iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750 y Targa 704 ILB. La aplicaci\u00f3n no valida la entrada del usuario en par\u00e1metros JSON POST, como ipnotify_address y url, que utilizan los mecanismos internos para obtener im\u00e1genes y realizar b\u00fasquedas DNS. Esto permite a atacantes remotos no autenticados inducir al sistema a realizar solicitudes HTTP arbitrarias a sistemas internos o externos, lo que podr\u00eda eludir las pol\u00edticas del firewall o realizar la enumeraci\u00f3n interna de servicios."}], "lastModified": "2025-06-23T20:16:21.633", "sourceIdentifier": "disclosure@vulncheck.com"}