CVE-2021-47731
Published: 09 December 2025
Summary
CVE-2021-47731 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Selea Carplateserver. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 28.1 percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a referenced public proof-of-concept.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and CM-6 (Configuration Settings).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly prohibits hard-coded developer passwords by requiring secure generation, management, and periodic replacement of authenticators.
- Ensures unnecessary developer accounts associated with hard-coded credentials are identified, disabled, and reviewed to prevent unauthorized access.
- Mandates secure baseline configuration settings that disable undocumented endpoints and eliminate hard-coded credentials in device firmware.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability involves exploiting a public-facing web endpoint (T1190) on an IP camera using a hard-coded developer password, which is equivalent to a default account (T1078.001), enabling unauthorized configuration access and control.
NVD Description
Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite device settings.
Deeper analysis
CVE-2021-47731 is a hard-coded developer password vulnerability in the Selea Targa IP OCR-ANPR Camera. The flaw enables unauthorized access to device configuration through an undocumented web page endpoint. Attackers can authenticate using the static password 'Selea781830' to enable configuration uploads and overwrite critical device settings. The vulnerability is rated at CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-306 (Missing Authentication for Critical Function).
Remote attackers with network access to the device can exploit this vulnerability without prior authentication or privileges. By accessing the hidden endpoint and supplying the hard-coded password, they gain full control over configuration changes, potentially disrupting camera operations, altering surveillance feeds, or establishing further persistence on the network.
Advisories from VulnCheck (https://www.vulncheck.com/advisories/selea-targa-ip-camera-developer-backdoor-configuration-overwrite) and Zero Science (https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5615.php), along with a proof-of-concept exploit on Exploit-DB (https://www.exploit-db.com/exploits/49455) and the vendor site (https://www.selea.com), document the issue.
A public exploit is available, indicating potential for real-world abuse against exposed IP cameras used in ANPR and OCR applications.
Details
- CWE(s)