CVE-2021-47729

5.4 MEDIUM

📋 TL;DR

This stored cross-site scripting vulnerability in Selea Targa IP OCR-ANPR cameras allows attackers to inject malicious HTML and JavaScript via the 'files_list' parameter. When exploited, attackers can execute arbitrary scripts in victims' browser sessions, potentially stealing session cookies or performing actions as authenticated users. Organizations using affected Selea camera models are vulnerable.

💻 Affected Systems

Products:
  • Selea Targa IP OCR-ANPR Camera
Versions: Specific versions unknown; all versions prior to patched firmware likely affected
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default web interface configuration; requires network access to camera web interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, take full control of the camera system, pivot to internal networks, or deploy ransomware on connected systems.

🟠 Likely Case

Session hijacking, credential theft, defacement of camera web interface, or unauthorized access to camera footage and settings.

🟢 If Mitigated

Limited to interface disruption or minor data exposure if proper network segmentation and web application firewalls are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires authentication to access /cgi-bin/get_file.php endpoint; public exploit code available at Exploit-DB.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.selea.com

Restart Required: Yes

Instructions:

1. Contact Selea support for firmware updates.
2. Download latest firmware from vendor portal.
3. Upload firmware via camera web interface.
4. Reboot camera after update.

🔧 Temporary Workarounds

Web Application Firewall

all

Deploy WAF with XSS filtering rules to block malicious payloads

Input Validation

all

Implement input sanitization for 'files_list' parameter if custom web interface modifications possible

🧯 If You Can't Patch

  • Segment camera network from critical systems using VLANs/firewalls
  • Disable camera web interface if not required; use API-only access

🔍 How to Verify

Check if Vulnerable:

Send POST request to /cgi-bin/get_file.php with XSS payload in files_list parameter and check if script executes

Check Version:

Check firmware version in camera web interface under System > Information

Verify Fix Applied:

Test same payload after update; script should be sanitized or blocked

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /cgi-bin/get_file.php with script tags or JavaScript in parameters
  • Unusual file listing requests

Network Indicators:

  • HTTP traffic to camera IP on port 80/443 with suspicious POST parameters
  • Outbound connections from camera to unknown IPs after exploitation

SIEM Query:

source="camera_logs" AND url="/cgi-bin/get_file.php" AND method="POST" AND param="files_list" AND (value CONTAINS "<script>" OR value CONTAINS "javascript:")
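
The log indicators above, as an added Python example (not part of the original advisory or of any vendor tooling): it flags POSTs to /cgi-bin/get_file.php whose files_list value carries markup, including URL-encoded and double-encoded forms that a plain substring match on "<script>" misses. It assumes a reverse proxy or WAF in front of the camera writes JSON log lines with the hypothetical fields `client`, `method`, `path` and `body`; the sample lines are constructed.

```python
import json
import re
from urllib.parse import parse_qs, unquote_plus

ENDPOINT = "/cgi-bin/get_file.php"  # endpoint named on this page
PARAM = "files_list"                # parameter named on this page
# Markup that does not belong in a file list: tags, event handlers, javascript: URLs
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:", re.I)

# Constructed sample lines; the JSON field names are assumptions, not a camera log format
SAMPLE_LOG = [
    '{"client": "10.0.5.23", "method": "POST", "path": "/cgi-bin/get_file.php", "body": "files_list=plate_0001.jpg"}',
    '{"client": "10.0.5.40", "method": "POST", "path": "/cgi-bin/get_file.php", "body": "files_list=%3Cscript%3Ealert(1)%3C%2Fscript%3E"}',
    '{"client": "10.0.5.41", "method": "POST", "path": "/cgi-bin/get_file.php", "body": "files_list=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E"}',
    '{"client": "10.0.5.23", "method": "GET", "path": "/index.php", "body": ""}',
]

def decode_fully(value, max_rounds=3):
    """Undo repeated URL-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_events(lines):
    """Return (client, decoded value) for each POST to ENDPOINT with markup in PARAM."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed log lines
        if not isinstance(ev, dict):
            continue
        if ev.get("method") != "POST":
            continue
        if str(ev.get("path", "")).split("?")[0] != ENDPOINT:
            continue
        params = parse_qs(str(ev.get("body", "")), keep_blank_values=True)
        for raw in params.get(PARAM, []):  # parse_qs has already decoded once
            value = decode_fully(raw)
            if SUSPICIOUS.search(value):
                hits.append((ev.get("client"), value))
    return hits

if __name__ == "__main__":
    for client, value in flag_events(SAMPLE_LOG):
        print(f"suspicious {PARAM} from {client}: {value!r}")
```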
