CVE-2025-34022

Name of the Vulnerable Software and Affected Versions: Selea Targa IP OCR-ANPR cameras versions including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB

Description: A path traversal vulnerability exists in the /common/get file.php script of the "Download Archive in Storage" page, which fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information.

Recommendations: As a temporary workaround, consider disabling the /common/get file.php script until a patch is available. Restrict access to the "Download Archive in Storage" page to minimize the risk of exploitation. Avoid using the file parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.