Critical Vulnerability Information

Vulnerability Type

Server-Side Request Forgery (SSRF)

Affected Devices and Versions

Vendor: Selex s.r.l.
Product Website: https://www.selex.com

Affected Models:
- Targa 512
- Targa 764
- Targa 764 TOM
- Targa 805
- Targa 710 ENOX
- Targa 750
- Targa 740 L&L

Firmware Versions:
- BLD20131005214
- BLD20130503745
- BLD200904170901
- BLD200905047031A
- BLD20130503945
- BLD101111345435
- BLD101001138146
- BLD101001108140

Vulnerability Description

Issue: The application parameters and are used in POST JSON data to construct internal requests or perform DNS IP notifications. Due to lack of validation on these parameters, attackers can specify external domains and force the application to send HTTP requests to arbitrary target hosts.

Impact: Attackers can exploit this vulnerability to bypass firewalls, initiate services, perform network enumeration, and access internal networks through the compromised application.

Test Environment

Operating System: GNU/Linux 3.10.53 (armv7l)
PHP Version: 5.6.22
Protocol: HTTP
Server: Nginx/1.11.1, SelexCPHttpServer/1.1

Discoverer

Discoverer: Gjoko 'LiquidWorm' Krstic @ZeroScience

Advisory Details

Advisory ID: ZSL-2021-5637
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5637.php

Example Request and Response

Request Example:

Response Example:

Timestamp

Release Date: 07.11.2020
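
The description attributes the flaw to destination parameters in the JSON POST body that are used without validation. The following Python example is added here for illustration (it is not Selex code and not part of the advisory) and shows the server-side check whose absence is described: the destination must match an exact host allowlist, use an approved scheme and port, and resolve only into approved networks. The JSON key notify_url and the allowlist values are hypothetical, constructed for the example.

```python
import ipaddress
import json
import socket
from urllib.parse import urlsplit

# Assumed policy (constructed values): the only destinations the device may contact.
ALLOWED_HOSTS = {"notify.example.net"}
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
ALLOWED_PORTS = {80, 443}

class TargetRejected(ValueError):
    """A client-supplied destination failed the policy."""

def system_resolver(host):
    """Return the set of IP strings the OS resolves host to."""
    return {ai[4][0] for ai in socket.getaddrinfo(host, None)}

def check_target(url, resolver=system_resolver):
    """Return (ip, port, host) that is safe to connect to, else raise."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        raise TargetRejected("malformed URL")
    if parts.scheme not in ("http", "https"):
        raise TargetRejected("scheme not allowed")
    if parts.username is not None or parts.password is not None:
        raise TargetRejected("credentials in URL")
    host = (parts.hostname or "").rstrip(".").lower()
    if host not in ALLOWED_HOSTS:  # exact match: no IP literals, no suffix tricks
        raise TargetRejected("host not on allowlist")
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        raise TargetRejected("port not allowed")
    addrs = [ipaddress.ip_address(a) for a in resolver(host)]
    # Every DNS answer must fall in an approved network (no loopback or internal ranges).
    if not addrs or not all(any(a in n for n in ALLOWED_NETS) for a in addrs):
        raise TargetRejected("resolves outside approved networks")
    # Connect to this IP, not the name, so no second lookup can differ.
    return sorted(str(a) for a in addrs)[0], port, host

def check_body(body, key="notify_url", resolver=system_resolver):
    """Validate the destination in a JSON POST body; key is hypothetical."""
    data = json.loads(body)
    value = data.get(key) if isinstance(data, dict) else None
    if not isinstance(value, str):
        raise TargetRejected("missing destination")
    return check_target(value, resolver)
```

The resolver argument exists so the policy can be exercised offline; in service the caller connects to the returned IP and sends the returned host in the Host header.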