RCE in Selea Carplateserver
CVE-2021-47728
Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject comm…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.023 (81.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Selea Carplateserver — versions 3.005\(191112\), 3.005\(191206\), 3.100\(200225\)
- Selea Izero_box_full
- Selea Izero_box_full_firmware
- Selea Izero_column_entry\/8
- Selea Izero_column_entry\/8_firmware
- Selea Izero_column_full\/8
- Selea Izero_column_full\/8_firmware
- Selea Targa Ip Ocr-anpr Camera — versions Unknown
- Selea Targa_504
- Selea Targa_504_firmware
Weakness classification (CWE)
References
- disclosure@vulncheck.com (Exploit, exploit)
- disclosure@vulncheck.com (Product, product)
- disclosure@vulncheck.com (Third Party Advisory, third-party-advisory)
- disclosure@vulncheck.com (product, Not Applicable)
- disclosure@vulncheck.com (Third Party Advisory, third-party-advisory)
Frequently asked questions
- What is CVE-2021-47728?
- CVE-2021-47728 is a critical-severity vulnerability in Selea Carplateserver, classified under OS Command Injection. CVSS score: 9.8/10. Published 2025-12-09.
- How severe is CVE-2021-47728?
- Critical severity. CVSS v3 base score is 9.8 out of 10.