CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
Description
A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-25 UTC.
Analysis
CVE-2025-34021 is a critical Server-Side Request Forgery (SSRF) vulnerability affecting multiple Selea Targa IP OCR-ANPR camera models that allows remote unauthenticated attackers to induce arbitrary HTTP requests through unvalidated JSON POST parameters (ipnotify_address and url). An attacker can bypass firewall policies, enumerate internal services, or redirect image fetch and DNS lookup operations to internal or external systems of their choosing. Active exploitation was confirmed by the Shadowserver Foundation on 2025-01-25, indicating real-world attack activity and operational risk.
Technical Context
The vulnerability resides in the JSON POST request parsing mechanism of Selea Targa IP OCR-ANPR camera models. The root cause is CWE-20 (Improper Input Validation), where the application accepts user-supplied input in parameters such as 'ipnotify_address' and 'url' without proper sanitization or validation before using these values in internal HTTP requests and DNS lookups. This is a classic SSRF vulnerability pattern: attacker-controlled URLs are passed directly to internal image fetching and DNS resolution routines without verification that the destination is legitimate or intended. The affected product line includes multiple Selea camera models (iZero, Targa 512, 504, Semplice, 704 TKM, 805, 710 INOX, 750, 704 ILB) running vulnerable firmware versions. These cameras are typically deployed in traffic monitoring and license plate recognition (ANPR) infrastructure, often with network-level trust assumptions that this vulnerability violates.
Affected Products
Selea Targa IP OCR-ANPR camera product line including: (1) Selea iZero; (2) Selea Targa 512; (3) Selea Targa 504; (4) Selea Targa Semplice; (5) Selea Targa 704 TKM; (6) Selea Targa 805; (7) Selea Targa 710 INOX; (8) Selea Targa 750; (9) Selea Targa 704 ILB. Specific firmware versions affected are not detailed in the provided description, but all listed models are vulnerable. No CPE data or version ranges are provided in the source material, indicating a need for immediate contact with Selea for firmware revision guidance. Typical deployment context: these devices are used in traffic monitoring, parking enforcement, and law enforcement ANPR systems, often connected to internal networks with implicit trust assumptions.
Remediation
Immediate actions: (1) Contact Selea directly for patched firmware versions addressing input validation of the ipnotify_address and url JSON parameters; (2) Implement network segmentation to restrict camera access to essential services only, reducing the SSRF impact scope; (3) Disable or restrict the image fetch and DNS notification features if operationally feasible until patches are applied; (4) Monitor JSON POST traffic to cameras for suspicious ipnotify_address or url parameter values pointing to internal IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) or localhost; (5) Apply host-based or network-level firewall rules to prevent cameras from initiating outbound connections to internal infrastructure; (6) Update camera firmware to the latest patched version once Selea releases advisories (check the Selea security advisories portal); (7) Implement Web Application Firewall (WAF) rules on any proxy/gateway controlling camera access to reject POST requests with suspicious parameter patterns. The only advisory evidence referenced is the confirmed exploitation reported by Shadowserver (2025-01-25), which suggests Selea has issued or will issue a formal advisory.
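As an added illustration, not code from the advisory or from Selea's firmware, the following Python shows the monitoring check from item (4) run over JSON POST bodies, and the allowlist shape that the input-validation fix from item (1) should take. The parameter names come from the advisory; the ranges beyond the three listed RFC 1918 blocks, the sample bodies and the allowed-host set are assumptions.

```python
import ipaddress
import json
from urllib.parse import urlsplit

SSRF_PARAMS = ("ipnotify_address", "url")  # the unvalidated JSON parameters named above
# Ranges the advisory says to watch for, plus loopback, link-local and IPv6 ULA (assumed).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
SAMPLE_BODIES = [  # constructed request bodies, not captured traffic
    '{"ipnotify_address": "ocr-backend.example.net"}', '{"url": "http://192.168.1.20/admin"}',
    '{"ipnotify_address": "localhost:8080"}', '{"url": "http://[::ffff:10.0.0.5]/"}']

def target_host(value):  # host of a bare host[:port] (ipnotify_address) or a full URL (url); None if malformed
    if "://" not in value:
        value = "http://" + value.strip()
    try:
        return urlsplit(value).hostname  # lowercased, [] stripped from IPv6 literals
    except ValueError:
        return None

def internal_reason(value):
    """Why a destination is internal, else None. DNS names need a resolve-time check."""
    host = target_host(value)
    if host is None or host == "localhost":
        return "unparseable or localhost"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # DNS name: not assessable offline
    if ip.version == 6 and ip.ipv4_mapped:  # ::ffff:10.0.0.5 hides an IPv4 target
        ip = ip.ipv4_mapped
    return next((f"internal range {n}" for n in INTERNAL_NETS if ip in n), None)

def scan_post_bodies(bodies):
    """Detection side: (index, parameter, reason) where an SSRF parameter points inward."""
    findings = []
    for i, body in enumerate(bodies):
        try:
            doc = json.loads(body)
        except json.JSONDecodeError:
            doc = {}
        for p in SSRF_PARAMS if isinstance(doc, dict) else ():
            if isinstance(doc.get(p), str) and (why := internal_reason(doc[p])):
                findings.append((i, p, why))
    return findings

def destination_allowed(value, allowed_hosts):
    """Camera-side fix shape: allowlist the destination before any fetch or lookup."""
    host = target_host(value)
    return host is not None and host in allowed_hosts and internal_reason(value) is None
```

A hostname that passes the allowlist can still resolve to an internal address, so a patched device must re-apply the address check on the resolved IP at connect time.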
EUVD-2025-18779