CVE-2021-47728
Published: 09 December 2025
Description
Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local file inclusion techniques.
Mitigating Controls (NIST 800-53 r5)
- SI-10 Information Input Validation: directly prevents command injection by requiring validation and sanitization of untrusted inputs such as the 'addr' and 'port' parameters in utils.php.
- IA-8 Identification and Authentication (Non-organizational Users): requires identification and authentication for non-organizational users, blocking unauthenticated remote exploitation of the vulnerability.
- AC-14 Permitted Actions Without Identification or Authentication: limits what can be done without identification or authentication, so the vulnerable utils.php endpoint is not reachable by unauthenticated remote attackers.
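The input-validation control above is the one a developer can act on directly. The following is an added example, not code from the page or from Selea: it shows the injectable pattern (request parameters concatenated into a shell command line) beside a hardened form that allowlists 'addr' as an IP literal or RFC 1123 host name, restricts 'port' to 1..65535, and passes the values as argv entries with no shell involved. It is written in Python rather than the camera's PHP, and the `nc -z` probe is a stand-in: the page does not say which program utils.php runs with these parameters.

```python
import ipaddress
import re
import subprocess

# RFC 1123 host name: labels of letters, digits and interior hyphens only.
# A leading hyphen is impossible, so a validated host can never be read as
# an option by the program it is handed to.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)
PORT_RE = re.compile(r"[0-9]{1,5}")  # ASCII digits only; str.isdigit() would accept '²'


def validate_addr(addr):
    """Return a canonical IPv4/IPv6 literal or a host name, or None for anything else."""
    if not isinstance(addr, str) or not addr:
        return None
    try:
        return str(ipaddress.ip_address(addr))
    except ValueError:
        pass
    return addr if HOSTNAME_RE.fullmatch(addr) else None


def validate_port(port):
    """Return the port as an int in 1..65535, or None."""
    if not isinstance(port, str) or not PORT_RE.fullmatch(port):
        return None
    n = int(port)
    return n if 1 <= n <= 65535 else None


def vulnerable_command_line(addr, port):
    """The injectable pattern: raw request parameters concatenated into a
    shell command line. Constructed illustration, not the camera's code."""
    return "nc -z -w 3 " + addr + " " + port


def build_probe_argv(addr, port):
    """Hardened form: validate first, then pass values as separate argv
    entries so no shell ever interprets them. Raises ValueError on rejection."""
    host = validate_addr(addr)
    num = validate_port(port)
    if host is None or num is None:
        raise ValueError("rejected addr/port")
    return ["nc", "-z", "-w", "3", host, str(num)]


def run_probe(addr, port):
    """Execute the hardened command without a shell (shell=False is the default)."""
    return subprocess.run(build_probe_argv(addr, port), capture_output=True, timeout=5).returncode


if __name__ == "__main__":
    payload = "127.0.0.1;id"                       # classic injection attempt
    print(vulnerable_command_line(payload, "80"))  # a shell would run 'id' after nc
    try:
        build_probe_argv(payload, "80")
    except ValueError as err:
        print("hardened path:", err)
```

Escaping (PHP's escapeshellarg, Python's shlex.quote) is a weaker substitute for the allowlist: it stops the shell from splitting the value but still lets an attacker choose any host string the probe program will accept, including option-like values. Validating against the narrow format the parameter is supposed to carry and avoiding the shell altogether closes both paths.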
Security Summary
CVE-2021-47728 is an unauthenticated command injection vulnerability (CWE-78) affecting the Selea Targa IP OCR-ANPR Camera, specifically in the utils.php component. Remote attackers can exploit the 'addr' and 'port' parameters to inject and execute arbitrary shell commands, leveraging chained local file inclusion techniques to gain access as the www-data user. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and lack of prerequisites.
Any remote attacker can exploit this vulnerability without authentication, requiring no privileges, user interaction, or special conditions. Successful exploitation allows execution of arbitrary shell commands on the device, potentially leading to full compromise including high confidentiality, integrity, and availability impacts as reflected in the CVSS score.
Advisories and references, including those from Zeroscience (ZSL-2021-5620), Vulncheck, and Exploit-DB (exploit 49460), provide technical details and a proof-of-concept, while the vendor site at Selea.com is listed for potential updates. No specific patch or mitigation details are outlined in the available information.
Details
- CWE(s): CWE-78 (Improper Neutralization of Special Elements used in an OS Command, 'OS Command Injection')
- Affected Products: Selea Targa IP OCR-ANPR Camera (affected versions are not stated on this page)
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
- T1059.004 Command and Scripting Interpreter: Unix Shell
Why these techniques?
Unauthenticated remote command injection in a public-facing web application (the IP camera's utils.php) directly enables T1190 for initial access and T1059.004 for arbitrary Unix shell command execution as www-data.
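For the detection side of T1190 against this endpoint, the following is an added example, not code from the page or any vendor: it scans combined-format web server access logs for requests to utils.php whose 'addr' or 'port' parameter carries shell metacharacters after percent-decoding, or a non-numeric port. The log lines are constructed for the example, and the assumption that the parameters arrive in a GET query string is the author's; the page does not state the HTTP method.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined-format access log line (Apache/nginx style); only the fields the scan needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Characters a POSIX shell treats specially; any of them in addr/port is an injection attempt.
SHELL_META = re.compile(r'[;|&`$()<>{}\n\r]')
PORT_RE = re.compile(r"[0-9]{1,5}")
WATCHED = ("addr", "port")


def suspicious_params(target):
    """Return {param: decoded value} for utils.php requests whose addr/port carry
    shell metacharacters or a non-numeric port. parse_qs decodes percent-encoding,
    so %3B is seen as ';' and %26 as '&'."""
    parts = urlsplit(target)
    if not parts.path.endswith("utils.php"):
        return {}
    qs = parse_qs(parts.query, keep_blank_values=True)
    hits = {}
    for name in WATCHED:
        for value in qs.get(name, []):
            if SHELL_META.search(value) or (name == "port" and not PORT_RE.fullmatch(value)):
                hits[name] = value
    return hits


def scan(lines):
    """Return one finding per suspicious request; unparseable lines are skipped."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = suspicious_params(m["target"])
        if hits:
            findings.append({"src": m["ip"], "ts": m["ts"], "status": m["status"], "params": hits})
    return findings


# Constructed sample log lines (not real camera traffic).
SAMPLE_LOG = [
    '10.0.0.7 - - [09/Dec/2025:10:15:02 +0000] "GET /utils.php?addr=192.168.1.20&port=80 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [09/Dec/2025:10:16:40 +0000] "GET /utils.php?addr=127.0.0.1%3Bid&port=80 HTTP/1.1" 200 611 "-" "python-requests/2.31"',
    '203.0.113.9 - - [09/Dec/2025:10:16:41 +0000] "GET /utils.php?addr=127.0.0.1&port=80%7Ccat%20/etc/passwd HTTP/1.1" 200 2048 "-" "python-requests/2.31"',
    '10.0.0.7 - - [09/Dec/2025:10:17:00 +0000] "GET /index.php?addr=%3Bid HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ts']} {f['src']} -> {f['params']}")
```

Access logs only record the request line, so if the camera accepts these parameters in a POST body the same check has to run on a reverse proxy, WAF or full request log in front of the device. A 200 response to a flagged request is worth treating as a likely successful T1059.004 execution rather than a blocked attempt.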