9.8
CVE-2021-47728
- EPSS 1.36%
- Veröffentlicht 09.12.2025 20:44:20
- Zuletzt bearbeitet 23.02.2026 19:00:13
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginSelea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local file inclusion techniques.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Selea ≫ Izero Box Full Firmware Version-
Selea ≫ Izero Column Entry/8 Firmware Version-
Selea ≫ Izero Column Full/8 Firmware Version-
Selea ≫ Targa 504 Firmware Version-
Selea ≫ Targa 512 Firmware Version-
Selea ≫ Targa 704 Ilb Firmware Version-
Selea ≫ Targa 704 Tkm Firmware Version-
Selea ≫ Targa 710 Inox Firmware Version-
Selea ≫ Targa 750 Firmware Version-
Selea ≫ Targa 805 Firmware Version-
Selea ≫ Targa Semplice Firmware Version-
Selea ≫ Carplateserver Version3.005(191112)
Selea ≫ Carplateserver Version3.005(191206)
Selea ≫ Carplateserver Version3.100(200225)
Selea ≫ Carplateserver Version4.013(201105)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.36% | 0.799 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| disclosure@vulncheck.com | 9.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.