ГлавнаяУязвимости → CVE-2021-47728
9.8критическая

CVE-2021-47728

Описание

Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local file inclusion techniques.

Затрагиваемое ПО
Selea Izero box full firmwareSelea Izero box fullSelea Izero column entry\/8 firmwareSelea Izero column entry\/8Selea Izero column full\/8 firmwareSelea Izero column full\/8Selea Targa 504 firmwareSelea Targa 504Selea Targa 512 firmwareSelea Targa 512Selea Targa 704 ilb firmwareSelea Targa 704 ilbSelea Targa 704 tkm firmwareSelea Targa 704 tkmSelea Targa 710 inox firmwareSelea Targa 710 inoxSelea Targa 750 firmwareSelea Targa 750Selea Targa 805 firmwareSelea Targa 805Selea Targa semplice firmwareSelea Targa sempliceSelea Carplateserver
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/zerosciencehttps://www.exploit-db.com/exploits/49460https://www.selea.comhttps://www.vulncheck.com/advisories/selea-targa-ip-camera-remote-code-execution-via-utilshttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5620.php