Cyber Posture

CVE-2021-47730

Severity: High · Public PoC available

Published: 09 December 2025
Modified: 24 February 2026
KEV Added:
Patch:
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0013 (31.7th percentile)
Risk Priority: 18 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Description

Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user visits the page.

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: SC-23 (Session Authenticity) requires mechanisms that protect the authenticity of a session, which directly counters CSRF: the server must be able to tell that a state-changing request such as admin user creation was initiated by the user within the application, not by a third-party page riding the user's cookies.

Prevent: SI-10 (Information Input Validation) mandates validation of web form inputs; the server-side check that a submitted anti-CSRF token matches the value bound to the session belongs here, and a request without a valid token is rejected before any account is created.

Prevent: IA-11 (Re-authentication) requires users to re-authenticate for sensitive transactions such as administrative account creation. A forged request cannot carry the victim's credentials, so requiring the current password on the form defeats the attack even if another control fails.
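As an added illustration (not code from the page's sources or from Selea), the following Python contrasts the handler pattern that makes an "add admin user" form forgeable with a handler that applies the three controls above: an Origin/Referer check for session authenticity (SC-23), validation of a per-session synchroniser token (SI-10), and re-authentication with the current password (IA-11). The endpoint, form field names, session store, device origin and credentials are assumptions constructed for the example; the forged request models what a victim's browser sends when an attacker's page auto-submits its form.

```python
"""Vulnerable vs. hardened 'add admin user' handler (illustrative, constructed).

Assumptions: a hypothetical POST endpoint /cgi-bin/add_admin taking form fields
user/pass, a session cookie named SID, and a device origin of https://camera.local.
None of this is taken from the real camera firmware.
"""
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

DEVICE_ORIGIN = "https://camera.local"   # assumed origin of the camera's web UI
_SALT = b"constructed-salt"              # constructed; a real device uses a random per-user salt


def _pbkdf2(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


# Constructed state: one logged-in administrator session.
SESSIONS = {
    "sess-1234": {
        "user": "admin",
        "csrf_token": secrets.token_hex(16),   # per-session synchroniser token
        "pw_hash": _pbkdf2("Correct-Horse"),
    }
}


def fresh_users() -> dict:
    """Constructed device user table: username -> role."""
    return {"admin": "administrator"}


def _session(request):
    return SESSIONS.get(request["cookies"].get("SID"))


def vulnerable_add_admin(request, users) -> int:
    """The CWE-352 pattern: a valid session cookie is the only check, and the
    browser attaches that cookie to a cross-site form post automatically."""
    if request["method"] != "POST" or _session(request) is None:
        return 403
    users[request["form"]["user"]] = "administrator"
    return 200


def _origin_ok(request) -> bool:
    """SC-23: browsers add Origin to cross-site POSTs; fall back to Referer.
    A state-changing request with neither header is rejected rather than trusted."""
    headers = request["headers"]
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    p, d = urlparse(src), urlparse(DEVICE_ORIGIN)
    return (p.scheme, p.netloc) == (d.scheme, d.netloc)


def hardened_add_admin(request, users) -> int:
    sess = _session(request)
    if request["method"] != "POST" or sess is None:
        return 403
    if not _origin_ok(request):
        return 403
    # SI-10: the submitted token must equal the one bound to this session.
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), sess["csrf_token"].encode()):
        return 403
    # IA-11: the administrator re-authenticates for account creation.
    reauth = request["form"].get("current_password", "")
    if not hmac.compare_digest(_pbkdf2(reauth), sess["pw_hash"]):
        return 401
    users[request["form"]["user"]] = "administrator"
    return 200


def forged_request() -> dict:
    """Constructed: the cross-site auto-submitted form as the victim's browser
    sends it. The cookie rides along; the token and password do not."""
    return {
        "method": "POST",
        "headers": {"Origin": "https://attacker.example"},
        "cookies": {"SID": "sess-1234"},
        "form": {"user": "backdoor", "pass": "hunter2"},
    }


def legitimate_request() -> dict:
    """Constructed: the same form submitted from the camera's own UI."""
    sess = SESSIONS["sess-1234"]
    return {
        "method": "POST",
        "headers": {"Origin": DEVICE_ORIGIN},
        "cookies": {"SID": "sess-1234"},
        "form": {"user": "operator2", "pass": "s3cret", "csrf_token": sess["csrf_token"],
                 "current_password": "Correct-Horse"},
    }


def demo() -> dict:
    """Run the forged request against both handlers and a legitimate one against
    the hardened handler; returns (status, account_created) per case."""
    vuln_users, hard_users = fresh_users(), fresh_users()
    vuln = vulnerable_add_admin(forged_request(), vuln_users)
    hard = hardened_add_admin(forged_request(), hard_users)
    legit = hardened_add_admin(legitimate_request(), hard_users)
    return {
        "vulnerable_forged": (vuln, "backdoor" in vuln_users),
        "hardened_forged": (hard, "backdoor" in hard_users),
        "hardened_legit": (legit, "operator2" in hard_users),
    }


if __name__ == "__main__":
    print(demo())
```

The Origin check alone is not enough, since some clients send neither Origin nor Referer and a permissive fallback would reopen the hole; the token check covers that case, and the re-authentication step means that even a leaked token does not let a third-party page mint an administrator. A SameSite cookie attribute is a useful extra layer but not something to rely on for an embedded device whose firmware and users' browsers may predate it.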

Security Summary [AI]

CVE-2021-47730 is a cross-site request forgery (CSRF) vulnerability, classified under CWE-352, in the Selea Targa IP OCR-ANPR Camera. The flaw lets an attacker create administrative users without authenticating: a malicious web page automatically submits a form to the camera's admin-creation endpoint, and the victim's browser attaches the existing session cookie, so the request is accepted with full system privileges whenever a logged-in user visits the page. Published on 2025-12-09, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), rated high because of its confidentiality, integrity and availability impacts.

Attackers can exploit this over the network without credentials, but it requires user interaction: a user who is logged in to the camera's web interface must visit the attacker's page (or load attacker-controlled content) while that session is valid. Upon exploitation the attacker gains full administrative control of the affected camera through the newly created account, which can be used to compromise the device further or pivot into the network it sits on.

Advisories and related resources, including those from VulnCheck (https://www.vulncheck.com/advisories/selea-targa-ip-camera-cross-site-request-forgery-via-admin-creation), Zero Science (https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5618.php and https://github.com/zeroscience), Exploit-DB (https://www.exploit-db.com/exploits/49458), and the vendor Selea (https://www.selea.com), provide further details on the issue, proof-of-concept exploits, and potential mitigation steps.

Details

CWE(s): CWE-352 (Cross-Site Request Forgery)

Affected Products

selea izero box full firmware (all versions)
selea izero column entry/8 firmware (all versions)
selea izero column full/8 firmware (all versions)
selea targa 504 firmware (all versions)
selea targa 512 firmware (all versions)
selea targa 704 ilb firmware (all versions)
selea targa 704 tkm firmware (all versions)
selea targa 710 inox firmware (all versions)
selea targa 750 firmware (all versions)
selea targa 805 firmware (all versions)
Plus 2 more product configurations; see NVD for the full list.

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1136.001 Create Account: Local Account (Persistence): Adversaries may create a local account to maintain access to victim systems.

Why these techniques?

The CSRF vulnerability in the camera's web interface is exploited through that public-facing application (T1190) to create a local administrative account (T1136.001) without the attacker ever authenticating.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
