CVE-2021-47731
Published: 09 December 2025
Description
Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite device settings.
Mitigating Controls (NIST 800-53 r5)
Directly prohibits hard-coded developer passwords by requiring secure generation, management, and periodic replacement of authenticators.
Ensures unnecessary developer accounts associated with hard-coded credentials are identified, disabled, and reviewed to prevent unauthorized access.
Mandates secure baseline configuration settings that disable undocumented endpoints and eliminate hard-coded credentials in device firmware.
Security Summary
CVE-2021-47731 is a hard-coded developer password vulnerability in the Selea Targa IP OCR-ANPR Camera. The flaw enables unauthorized access to device configuration through an undocumented web page endpoint. Attackers can authenticate using the static password 'Selea781830' to enable configuration uploads and overwrite critical device settings. The vulnerability is rated at CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-306 (Missing Authentication for Critical Function).
Remote attackers with network access to the device can exploit this vulnerability without prior authentication or privileges. By accessing the hidden endpoint and supplying the hard-coded password, they gain full control over configuration changes, potentially disrupting camera operations, altering surveillance feeds, or enabling further persistence on the network.
Advisories from VulnCheck (https://www.vulncheck.com/advisories/selea-targa-ip-camera-developer-backdoor-configuration-overwrite) and Zero Science (https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5615.php), along with a proof-of-concept exploit on Exploit-DB (https://www.exploit-db.com/exploits/49455) and the vendor site (https://www.selea.com), document the issue.
A public exploit is available, indicating potential for real-world abuse against exposed IP cameras used in ANPR and OCR applications.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability involves exploiting a public-facing web endpoint (T1190) on an IP camera using a hard-coded developer password, equivalent to a default account (T1078.001), enabling unauthorized configuration access and control.