CVE-2025-53701

MEDIUM

Vilar VS-IPC1002 Firmware - Reflected Cross-Site Scripting via /cgi-bin/action GET Parameters

Description

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-Site Scripting) attacks because parameters in GET requests sent to the /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged-in admin users. The vendor did not respond in any way. Only version 1.1.0.18 was tested; other versions might be vulnerable as well.

Scores

CVSS v3 6.1
EPSS 0.0020
EPSS Percentile 9.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
vimicro/vs-ipc1002_firmware 1.1.0.18
Published Oct 23, 2025
Tracked Since Feb 18, 2026