CNNVD-202512-5541 Information

CNNVD ID

CNNVD-202512-5541

Related CVE

CVE-2020-36904

• CNNVD Published: 2025-12-31

Description (Chinese)

Selea CarPlateServer是意大利Selea公司的一个车盘识别软件。 Selea CarPlateServer 4.0.1.6版本存在访问控制错误漏洞，该漏洞源于可通过操作NO_LIST_EXE_PATH配置参数绕过身份验证，可能导致攻击者执行任意Windows二进制文件。

Description (English)

Selea CarPlateServer is a drive recognition software for the Italian company Selea. Release Salea CarPlateServer 4.1.6 contains a bug in access control, which stems from the fact that identification can be bypassed by the operation of NO LIST EXE PATH configuration parameters, which may lead the assailant to perform an arbitrary Windows binary.

Hazard Level

Medium

Vulnerability Type

访问控制错误

Affected Vendor

Selea

Published

2025-12-31

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/49452 https://www.selea.com https://www.vulncheck.com/advisories/selea-carplateserver-remote-program-execution-via-configuration-endpoint https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5622.php