Vulnerability Details CVE-2021-47728
Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local file inclusion techniques.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.8%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2021-47728
-
cpe:2.3:a:selea:carplateserver:3.005(191112)
-
cpe:2.3:a:selea:carplateserver:3.005(191206)
-
cpe:2.3:a:selea:carplateserver:3.100(200225)
-
cpe:2.3:a:selea:carplateserver:4.013(201105)
-
cpe:2.3:h:selea:izero_box_full:-
-
cpe:2.3:h:selea:izero_column_entry/8:-
-
cpe:2.3:h:selea:izero_column_full/8:-
-
cpe:2.3:h:selea:targa_504:-
-
cpe:2.3:h:selea:targa_512:-
-
cpe:2.3:h:selea:targa_704_ilb:-
-
cpe:2.3:h:selea:targa_704_tkm:-
-
cpe:2.3:h:selea:targa_710_inox:-
-
cpe:2.3:h:selea:targa_750:-
-
cpe:2.3:h:selea:targa_805:-
-
cpe:2.3:h:selea:targa_semplice:-
-
cpe:2.3:o:selea:izero_box_full_firmware:-
-
cpe:2.3:o:selea:izero_column_entry/8_firmware:-
-
cpe:2.3:o:selea:izero_column_full/8_firmware:-
-
cpe:2.3:o:selea:targa_504_firmware:-
-
cpe:2.3:o:selea:targa_512_firmware:-
-
cpe:2.3:o:selea:targa_704_ilb_firmware:-
-
cpe:2.3:o:selea:targa_704_tkm_firmware:-
-
cpe:2.3:o:selea:targa_710_inox_firmware:-
-
cpe:2.3:o:selea:targa_750_firmware:-
-
cpe:2.3:o:selea:targa_805_firmware:-
-
cpe:2.3:o:selea:targa_semplice_firmware:-