CVE-2021-47730
HIGHDescription
Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user visits the page.
Is your site exposed to CVE-2021-47730?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| selea | izero_box_full_firmware |
| selea | izero_box_full |
| selea | izero_column_entry\/8_firmware |
| selea | izero_column_entry\/8 |
| selea | izero_column_full\/8_firmware |
| selea | izero_column_full\/8 |
| selea | targa_504_firmware |
| selea | targa_504 |
| selea | targa_512_firmware |
| selea | targa_512 |
| selea | targa_704_ilb_firmware |
| selea | targa_704_ilb |
| selea | targa_704_tkm_firmware |
| selea | targa_704_tkm |
| selea | targa_710_inox_firmware |
| selea | targa_710_inox |
| selea | targa_750_firmware |
| selea | targa_750 |
| selea | targa_805_firmware |
| selea | targa_805 |
| selea | targa_semplice_firmware |
| selea | targa_semplice |
| selea | carplateserver |
| selea | carplateserver |
| selea | carplateserver |
| selea | carplateserver |
References
Frequently Asked Questions
What is CVE-2021-47730? +
How severe is CVE-2021-47730? +
What products are affected by CVE-2021-47730? +
How do I check if I'm vulnerable to CVE-2021-47730? +
Related Vulnerabilities
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the `cTrash.restore` function does …
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does …
Websites managed by MegaBIP in versions below 5.15 are vulnerable to Cross-Site Request Forgery (CSRF) as the form available under …
Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows …
Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or …
Versions of Gliffy Online prior to versions 4.14.0-7 contains a Cross Site Request Forgery (CSRF) flaw.