CVE-2021-47730

8.8 HIGH

📋 TL;DR

Selea Targa IP OCR-ANPR cameras contain a CSRF vulnerability that allows attackers to create administrative accounts without authentication. When a logged-in user visits a malicious webpage, it can automatically submit a form to add a new admin user with full system privileges. This affects all users of vulnerable Selea Targa IP camera systems.

💻 Affected Systems

Products:
  • Selea Targa IP OCR-ANPR Camera
Versions: All versions prior to patching
Operating Systems: Embedded camera firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web management interface of Selea Targa IP cameras. Requires the camera to be reachable over the network from the victim's browser and an admin session to be active in that browser.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain full administrative control of the camera system, allowing them to disable security features, manipulate video feeds, access sensitive data, or use the camera as an entry point into the network.

🟠 Likely Case

Unauthorized administrative accounts are created, leading to camera system compromise, surveillance disruption, and potential lateral movement into connected networks.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the camera system itself without network-wide compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires a logged-in admin user to visit a malicious webpage. The exploit code is publicly available on Exploit-DB and GitHub.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with Selea for specific firmware versions

Vendor Advisory: https://www.selea.com

Restart Required: Yes

Instructions:

1. Contact Selea support for the latest firmware.
2. Back up the camera configuration.
3. Upload the new firmware via the web interface.
4. Reboot the camera.
5. Verify the fix by testing admin creation via CSRF.

🔧 Temporary Workarounds

Network Segmentation (all)

Isolate the camera network from user workstations and the internet.

Browser Security Extensions (all)

Install CSRF protection browser extensions for admin users.

🧯 If You Can't Patch

  • Place cameras on isolated VLAN with no internet access
  • Implement strict firewall rules to limit camera management interface access to specific IPs only

🔍 How to Verify

Check if Vulnerable:

Test by attempting CSRF attack on admin creation endpoint while logged in as admin

Check Version:

Check firmware version in camera web interface under System > Information

Verify Fix Applied:

Repeat the CSRF test after patching; the request should fail because the endpoint now validates a CSRF token.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected admin user creation events
  • Multiple failed login attempts followed by successful admin creation

Network Indicators:

  • HTTP POST requests to admin creation endpoint from unexpected sources
  • Cross-origin requests to camera management interface

SIEM Query:

source="camera_logs" AND (event="user_created" OR event="admin_added")
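The "cross-origin requests to the management interface" indicator above can be checked directly from access logs. The following is an added example, not part of the original advisory or of Selea's software: it scans a constructed reverse-proxy log placed in front of the camera UI and flags account-creation POSTs whose Origin/Referer does not match the camera host. The log field layout, the camera hostname `camera.lan`, and the endpoint path `/admin/users/add` are assumptions; the page does not name the real endpoint.

```python
import re
from urllib.parse import urlsplit

# Constructed sample log (not real camera output). Fields, in order:
# client ip, method, path, status, Origin header, Referer header ("-" = absent).
SAMPLE_LOG = """\
10.0.5.20 POST /admin/users/add 200 https://camera.lan https://camera.lan/admin/users
10.0.5.20 POST /admin/users/add 200 - -
10.0.5.31 GET /admin/users 200 - https://camera.lan/admin
10.0.5.20 POST /admin/users/add 200 http://attacker.example http://attacker.example/page.html
10.0.5.42 POST /login 302 https://camera.lan https://camera.lan/login
"""

CAMERA_HOST = "camera.lan"                    # assumption: hostname of the camera web UI
ACCOUNT_CREATE_PATHS = {"/admin/users/add"}   # placeholder: real endpoint not given on the page

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\S+) (\S+)$")


def source_host(header_value):
    """Host part of an Origin/Referer value, or None when the header is absent."""
    if header_value in ("-", ""):
        return None
    return urlsplit(header_value).hostname


def classify(line):
    """Return 'cross-origin', 'no-origin', or None for one log line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    _ip, method, path, _status, origin, referer = m.groups()
    if method != "POST" or path not in ACCOUNT_CREATE_PATHS:
        return None
    # Browsers send Origin on cross-site POSTs; fall back to Referer if Origin is missing.
    host = source_host(origin) or source_host(referer)
    if host is None:
        return "no-origin"      # lower confidence: some clients strip Referer
    if host != CAMERA_HOST:
        return "cross-origin"   # matches the CSRF pattern described in the advisory
    return None


def find_suspicious(log_text):
    """(line number, verdict, client ip) for each account-creation POST lacking a same-origin source."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict, line.split()[0]))
    return hits
```

Only a proxy or web server configured to log the Origin and Referer headers will produce usable input; a "no-origin" hit should be correlated with the SIEM user-creation events before treating it as an incident.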
