ГлавнаяУязвимости → CVE-2021-47730
8.8высокая

CVE-2021-47730

Описание

Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user visits the page.

Затрагиваемое ПО
Selea Izero box full firmwareSelea Izero box fullSelea Izero column entry\/8 firmwareSelea Izero column entry\/8Selea Izero column full\/8 firmwareSelea Izero column full\/8Selea Targa 504 firmwareSelea Targa 504Selea Targa 512 firmwareSelea Targa 512Selea Targa 704 ilb firmwareSelea Targa 704 ilbSelea Targa 704 tkm firmwareSelea Targa 704 tkmSelea Targa 710 inox firmwareSelea Targa 710 inoxSelea Targa 750 firmwareSelea Targa 750Selea Targa 805 firmwareSelea Targa 805Selea Targa semplice firmwareSelea Targa sempliceSelea Carplateserver
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://github.com/zerosciencehttps://www.exploit-db.com/exploits/49458https://www.selea.comhttps://www.vulncheck.com/advisories/selea-targa-ip-camera-cross-site-request-forgery-via-admin-creationhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5618.php