### Key Information

- **Vulnerability Name**: Selela Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated)
- **EDB-ID**: 45457
- **CVE**: N/A
- **Author**: Gjoko 'liquidworm' Krstic
- **Type**: WEBAPP
- **Platform**: HARDWARE
- **Date**: 2021-01-27
- **Affected Application**: Selela Targa IP OCR-ANPR Camera

#### Vulnerability Description

- **Vendor**: Selela Kft.
- **Product Page**: https://www.selela.com
- **Affected Versions**:
  - Model: S12, S30, S60, T70, T70 THM, T85, T90, T90 THMX, T90 THMX IR, T90 JLB
  - Firmware: BLU2011110M0221, BLU2012100S03775, BLU2012100S03776, BLU2030904L07514, BLU2030903143345, BLU2030903143346, BLU201202L089160, BLU201202L089161, BLU201202L089162, BLU201202L089163, BLU201202L089164
  - CPS: 4.0011(0005), 3.9001(0005), 3.9001(0006), 3.9001(0007), s.9001(0017)

#### Vulnerability Details

- **Vulnerability Type**: Unauthenticated Server Side Request Forgery (SSRF)
- **Impact**: Multiple SSRF vulnerabilities exist across several functions. An attacker can inject arbitrary data through POST JSON parameters and have the camera construct HTTP requests or probe IP addresses on the attacker's behalf, without any authentication.
- **Exploitation Method**: Because the camera issues the requests itself, this can be used to bypass firewall restrictions and enumerate services and hosts on networks reachable from the device.

#### Technical Details

- **Test Environment**: OM/Linux 5.10.51 (armv7l), php/5.6.22, selela_httpd, httpServer/0.1, SelelaCPSHttpsServer/1.1
- **Example Request**:

```http
POST /cps/test_backup_server?ACTION=TEST_IP&NOCONTINUE=TRUE HTTP/1.1
Host: 192.168.1.17
```

#### Reference Links

- **Advisory ID**: ZSL-2021-5017
- **Advisory URL**: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5017.php
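As an added defender-side example (not part of the advisory or the vendor's code), the Python below scans access-log lines for requests to the `/cps/test_backup_server?ACTION=TEST_IP` endpoint named above, grading each hit by whether it came from the camera's management network, and shows the destination check the firmware would need to apply to a caller-supplied target address. The management subnet, the Combined Log Format and the sample log lines are assumptions constructed for the example.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint and ACTION value taken from the advisory's example request.
SSRF_PATH = "/cps/test_backup_server"
SSRF_ACTION = "TEST_IP"

# Assumption: the camera's management subnet; the endpoint needs no login,
# so a hit from anywhere else is treated as high severity.
MGMT_NET = ipaddress.ip_network("10.0.0.0/24")

# Constructed sample access-log lines (Combined Log Format); not from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [27/Jan/2021:10:01:02 +0000] "GET /cps/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [27/Jan/2021:10:01:07 +0000] "POST /cps/test_backup_server?ACTION=TEST_IP&NOCONTINUE=TRUE HTTP/1.1" 200 88 "-" "curl/7.64.0"
10.0.0.5 - - [27/Jan/2021:10:02:15 +0000] "POST /cps/test_backup_server?ACTION=TEST_IP&NOCONTINUE=TRUE HTTP/1.1" 200 88 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def flag_ssrf_requests(log_text, mgmt_net=MGMT_NET):
    """Return (source IP, timestamp, severity) for every hit on the SSRF endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        url = urlsplit(m["target"])
        if url.path != SSRF_PATH:
            continue
        if SSRF_ACTION not in parse_qs(url.query).get("ACTION", []):
            continue
        src = ipaddress.ip_address(m["src"])
        severity = "medium" if src in mgmt_net else "high"
        hits.append((m["src"], m["ts"], severity))
    return hits


def is_safe_target(host):
    """Mitigation side: accept only globally routable literal IPs, refusing
    loopback, RFC 1918, link-local and similar ranges an SSRF could probe."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostnames are refused: they could resolve to internal ranges
    return ip.is_global
```

Feeding the real camera's web-server log to `flag_ssrf_requests` gives a quick triage of who has reached the unauthenticated endpoint; `is_safe_target` is the check a patched backup-server test would apply before contacting the supplied address.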