CVE-2021-47727

Summary

Selea Targa IP OCR-ANPR Camera contains an unauthenticated vulnerability that allows remote attackers to access live video streams without authentication. Attackers can directly connect to RTP/RTSP or M-JPEG streams by requesting specific endpoints like p1.mjpg or p1.264 to view camera footage.

Affected Software

VendorProductVersion RangeStatus
Selea s.r.l.Selea Targa IP OCR-ANPR CameraModel: iZeroaffected

Weaknesses

  • CWE-306: CWE-306: Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References