CVE-2025-53702
MEDIUMVilar VS-IPC1002 Firmware - Unauthenticated Denial of Service via /cgi-bin/action Endpoint
Title source: llmDescription
Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required. The vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well.
References (1)
Core 1
Core References
Third Party Advisory
https://cert.pl/en/posts/2025/10/CVE-2025-53701
Scores
CVSS v3
6.5
EPSS
0.0019
EPSS Percentile
8.5%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-755
Status
published
Products (1)
vimicro/vs-ipc1002_firmware
1.1.0.18
Published
Oct 23, 2025
Tracked Since
Feb 18, 2026