Key Information

Vulnerability Name: Selela Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated)
EDB-ID: 45456
CVE: N/A
Author: LIQUIDWORM
Type: WEBAPP
Platform: HARDWARE
Date: 2021-01-27

Affected Devices:
- Model: Tango x17, Tango x8a, Tango Songphiro, Tango 704 TKM, Tango 805, Tango 905 DAX, Tango 750
- Firmware versions: BLU20201006183745, BLU20200804187901, BLU20200804170524, BLU20200804170525, BLU202101151535, BLU20200212180140, BLU20200212180140
- CPU: 3.0.111(202012), 3.IMX(202025), 3.RMX(19796), 4.00000000

Vulnerability Description:
- This ANPR camera is affected by an unauthenticated arbitrary file disclosure vulnerability. The vulnerability can be exploited by sending a GET request to the "/Storage" page, as the get_file.php script used for file downloads does not properly enforce filters. Attackers can leverage directory traversal attacks to disclose the contents of arbitrary and sensitive files, potentially leading to credential leakage in plaintext and resulting in authentication bypass.

Example Command:

Discoverer: Cigoko 'LIQUIDWORM' Krstic @zeroscience
Advisory ID: ZSL-2021-5918
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5918.php
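
For operators who front these cameras with a proxy or collect their web access logs, the following added example (not part of the advisory and not vendor code) flags requests to get_file.php whose parameter values contain traversal sequences, including double-encoded ones. The log format, the request path, the parameter name "name" and all sample lines are constructed assumptions; the advisory text above does not give them.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Client IP, request target and status from a combined-format log line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
SCRIPT = "get_file.php"  # download script named in the advisory

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if a value climbs out of, or ignores, the download directory.
    Assumption: legitimate requests pass a bare file name."""
    path = fully_decode(value).replace("\\", "/")
    return ".." in path.split("/") or path.startswith("/") or "\x00" in path

def suspicious_requests(log_lines):
    """Return (client_ip, status, target) for traversal attempts against SCRIPT."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not fully_decode(url.path).lower().endswith("/" + SCRIPT):
            continue
        # parse_qsl decodes once; is_traversal() handles further encoding layers.
        if any(is_traversal(v) for _, v in parse_qsl(url.query, keep_blank_values=True)):
            hits.append((m.group("ip"), int(m.group("status")), m.group("target")))
    return hits

# Constructed sample lines; "name" is a placeholder parameter, not the device's.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jan/2021:10:00:01 +0000] "GET /get_file.php?name=snapshot_0001.jpg HTTP/1.1" 200 48211',
    '198.51.100.7 - - [27/Jan/2021:10:02:13 +0000] "GET /get_file.php?name=../../../etc/example.conf HTTP/1.1" 200 512',
    '198.51.100.7 - - [27/Jan/2021:10:02:15 +0000] "GET /get_file.php?name=%252e%252e%252fexample.conf HTTP/1.1" 404 0',
    '203.0.113.5 - - [27/Jan/2021:10:05:40 +0000] "GET /index.php?page=../x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, status, target in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} {target}")
```

A hit with status 200 is the case to triage first, since it suggests file contents were returned; treat any credentials stored on that device as exposed and rotate them.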