Selea Targa IP Cameras Unauthenticated Live Stream Access Vulnerability

A vulnerability exists in Selea Targa IP OCR-ANPR Cameras, allowing remote access to live video streams without authentication. This issue affects multiple models, including Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB, all running specific firmware versions. The vulnerability enables unauthorized users to view camera footage by connecting to RTP/RTSP or M-JPEG streams through designated endpoints.

Impact

Exploitation of this vulnerability leads to unauthorized access to live video feeds from the affected cameras.

Reproduction

The vulnerability can be reproduced by sending a request to the camera's RTP/RTSP or M-JPEG stream endpoints, such as 'p1.mjpg' or 'p1.264'. This can be done using a media player that supports these protocols, like VLC, or through a web browser for the M-JPEG stream.

Remediation

The vendor has released patches for this vulnerability in newer versions of the camera firmware and the CarPlateServer software. Users are advised to update to the latest versions.