CVE-2025-53701 | THREATINT

Description

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well.

PUBLISHED Reserved 2025-07-08 | Published 2025-10-23 | Updated 2025-10-23 | Assigner CERT-PL

MEDIUM: 4.8CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status

unknown

1.1.0.18 (custom)

affected

Credits

Szymon Paszun finder

References

cert.pl/en/posts/2025/10/CVE-2025-53701

cve.org (CVE-2025-53701)

nvd.nist.gov (CVE-2025-53701)

Download JSON