CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
Description
A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
Analysis
CVE-2025-34022 is an unauthenticated path traversal vulnerability in Selea Targa IP OCR-ANPR cameras affecting at least 9 models (iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, Targa 704 ILB). The /common/get_file.php script fails to validate the 'file' parameter, allowing remote attackers to read arbitrary files including system credentials in cleartext. Active exploitation was confirmed by Shadowserver Foundation on 2025-02-02 UTC, indicating this is not theoretical: it is actively weaponized in the wild.
Technical Context
The vulnerability exists in the 'Download Archive in Storage' feature of Selea's IP-based ANPR (Automatic Number Plate Recognition) camera systems. The root cause is CWE-22 (Improper Limitation of a Pathname to a Restricted Directory—Path Traversal), wherein the /common/get_file.php endpoint accepts user-supplied input in the 'file' parameter without proper canonicalization or validation. Attackers can inject path traversal sequences (e.g., '../../../etc/passwd') to escape the intended directory and access system files. The affected products are industrial/commercial-grade IP cameras running proprietary firmware. No authentication is required to access this endpoint, making this a pre-authentication attack vector. The exposure of cleartext credentials suggests weak or absent server-side secret management, compounding the impact.
Affected Products
Selea Targa IP OCR-ANPR camera product line, confirmed affected models: (1) iZero; (2) Targa 512; (3) Targa 504; (4) Targa Semplice; (5) Targa 704 TKM; (6) Targa 805; (7) Targa 710 INOX; (8) Targa 750; (9) Targa 704 ILB. The vulnerability affects the /common/get_file.php endpoint in the 'Download Archive in Storage' feature, suggesting all firmware versions of these models released prior to the patch date (not specified in CVE description—vendor advisory required for exact patched versions) are vulnerable. CPE strings would likely follow: cpe:2.3:h:selea:targa_*:*:*:*:*:*:*:*:* (hardware) and cpe:2.3:o:selea:targa_*_firmware:*:*:*:*:*:*:*:* (firmware). Vendor advisories from Selea should be consulted for exact affected firmware versions and patch availability.
Remediation
Immediate actions: (1) isolate affected Selea Targa IP cameras from internet-facing networks and restrict network access to trusted administrative networks only; (2) implement network segmentation and firewall rules to block access to port 80/443 on these devices from untrusted networks; (3) monitor for evidence of compromise by checking for unauthorized file access in logs (if available).
Medium-term: (1) contact Selea for vendor security advisory and patch availability—the CVE description does not specify patched versions, requiring vendor communication; (2) once patches are released, perform firmware updates on all affected models in a phased, tested manner; (3) change all default and shared credentials on the devices and implement strong administrative access controls.
Long-term: (1) deploy intrusion detection/prevention (IDS/IPS) rules to detect path traversal attempts to /common/get_file.php with encoded payloads; (2) implement Web Application Firewall (WAF) rules if cameras are accessed through a proxy; (3) consider replacement of cameras with vendors demonstrating security maturity (secure SDLC, regular patching cycles).
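The log-monitoring and detection items above, sketched as an added example (not code from the advisory or from Selea): a Python filter that flags requests to /common/get_file.php whose file parameter contains a '..' path segment after repeated percent-decoding, so that encoded and double-encoded payloads are caught. The Apache combined log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/common/get_file.php"  # endpoint named in the advisory
PARAM = "file"                     # parameter named in the advisory
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so %2e and %252e forms normalise alike."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value contains a '..' path segment."""
    norm = fully_decode(value).replace("\\", "/")
    return ".." in norm.split("/")

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_file_value) for each flagged request."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if fully_decode(url.path) != ENDPOINT:
            continue
        # parse_qs decodes once; is_traversal handles any remaining layers.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if is_traversal(value):
                hits.append((line.split()[0], fully_decode(value)))
    return hits

# Constructed sample lines (assumed Apache combined format, documentation IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Feb/2025:10:00:01 +0000] "GET /common/get_file.php?file=archive_20250201.zip HTTP/1.1" 200 5120',
    '198.51.100.7 - - [02/Feb/2025:10:00:05 +0000] "GET /common/get_file.php?file=../../../etc/passwd HTTP/1.1" 200 1024',
    '198.51.100.7 - - [02/Feb/2025:10:00:09 +0000] "GET /common/get_file.php?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1024',
    '203.0.113.4 - - [02/Feb/2025:10:00:12 +0000] "GET /index.php?file=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, path in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} requested {path}")
```

A 200 response on a flagged line means the device returned content, so the credentials on that camera should be treated as exposed.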
EUVD-2025-18778