Selea Targa IP OCR-ANPR Cameras Path Traversal Vulnerability Allowing Unauthenticated File Disclosure

Vulnerability

A path traversal vulnerability has been identified in various models of Selea Targa IP OCR-ANPR cameras. The issue arises in the 'Download Archive in Storage' page, where the 'get_file.php' script fails to properly validate user input for the file parameter. This vulnerability allows unauthenticated remote attackers to read arbitrary files on the device, including sensitive system files with cleartext credentials. Such exposure could lead to authentication bypass and unauthorized access to system information.

Impact

Exploitation of this vulnerability allows for unauthenticated directory traversal, leading to arbitrary file disclosure. Sensitive files, including those containing cleartext credentials, can be accessed, potentially allowing for authentication bypass.

Reproduction

The vulnerability can be reproduced by sending a crafted request to the 'get_file.php' script on the affected camera models. The request must include a directory traversal payload that exploits the insufficient input validation, allowing access to sensitive files such as '/etc/passwd' or files containing authentication credentials.
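The request pattern described above can be hunted for in web access logs. The following detection sketch is an added example, not part of the original advisory or any vendor code. It assumes a combined-format access log; the '/example/' path prefix, the client addresses and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format assumed; the
# "/example/" prefix and archive file name are placeholders, not real paths).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Sep/2025:19:00:01 +0000] "GET /example/get_file.php?file=archive/2025-09-01.zip HTTP/1.1" 200 5120
192.0.2.44 - - [01/Sep/2025:19:00:07 +0000] "GET /example/get_file.php?file=../../../../etc/passwd HTTP/1.1" 200 1432
192.0.2.44 - - [01/Sep/2025:19:00:09 +0000] "GET /example/get_file.php?file=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 0
192.0.2.45 - - [01/Sep/2025:19:00:12 +0000] "GET /example/get_file.php?file=/etc/passwd HTTP/1.1" 200 980
192.0.2.10 - - [01/Sep/2025:19:00:15 +0000] "GET /index.php?file=../x HTTP/1.1" 200 10
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) ')

def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(file_value):
    """True if the value is absolute, holds a NUL byte, or has a '..' segment."""
    path = fully_decode(file_value).replace("\\", "/")
    return path.startswith("/") or "\x00" in path or ".." in path.split("/")

def find_suspicious(log_text):
    """Return (client, status, decoded file value) for flagged requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/get_file.php"):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("file", []):
            if is_traversal(value):
                hits.append((client, int(status), fully_decode(value)))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

A flagged request that returned status 200 is the case to prioritize, since the response may have contained a file with cleartext credentials.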

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.