Cyber Resilience

CVE-2021-47731

CriticalPublic PoC

Published: 09 December 2025

Published
09 December 2025
Modified
23 February 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0011 28.2th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-47731 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Selea Carplateserver. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2021-47731 is a hard-coded developer password vulnerability in the Selea Targa IP OCR-ANPR Camera. The flaw enables unauthorized access to device configuration through an undocumented web page endpoint. Attackers can authenticate using the static password 'Selea781830' to enable configuration uploads and overwrite critical device settings. The vulnerability is rated at CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-306 (Missing Authentication for Critical Function).

Remote attackers with network access to the device can exploit this vulnerability without prior authentication or privileges. By accessing the hidden endpoint and supplying the hard-coded password, they gain full control over configuration changes, potentially disrupting camera operations, altering surveillance feeds, or enabling further persistence on the network.

Advisories from VulnCheck (https://www.vulncheck.com/advisories/selea-targa-ip-camera-developer-backdoor-configuration-overwrite) and Zero Science (https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5615.php), along with a proof-of-concept exploit on Exploit-DB (https://www.exploit-db.com/exploits/49455) and the vendor site (https://www.selea.com), document the issue.

A public exploit is available, indicating potential for real-world abuse against exposed IP cameras used in ANPR and OCR applications.

EU & UK References

Vulnerability details

Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite device settings.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

The vulnerability involves exploiting a public-facing web endpoint (T1190) on an IP camera using a hard-coded developer password, equivalent to a default account (T1078.001), enabling unauthorized configuration access and control.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2021-47730Same product: Selea Carplateserver
CVE-2021-47728Same product: Selea Carplateserver
CVE-2026-41930Shared CWE-306
CVE-2025-34223Shared CWE-306
CVE-2025-21515Shared CWE-306
CVE-2025-57432Shared CWE-306
CVE-2026-27446Shared CWE-306
CVE-2026-21446Shared CWE-306
CVE-2021-47891Shared CWE-306
CVE-2025-41715Shared CWE-306

Affected Assets

selea
izero box full firmware
all versions
selea
izero column entry\/8 firmware
all versions
selea
izero column full\/8 firmware
all versions
selea
targa 504 firmware
all versions
selea
targa 512 firmware
all versions
selea
targa 704 ilb firmware
all versions
selea
targa 704 tkm firmware
all versions
selea
targa 710 inox firmware
all versions
selea
targa 750 firmware
all versions
selea
targa 805 firmware
all versions
+2 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prohibits hard-coded developer passwords by requiring secure generation, management, and periodic replacement of authenticators.

prevent

Ensures unnecessary developer accounts associated with hard-coded credentials are identified, disabled, and reviewed to prevent unauthorized access.

prevent

Mandates secure baseline configuration settings that disable undocumented endpoints and eliminate hard-coded credentials in device firmware.

References