CVE-2025-53701

Published: Oct 23, 2025

Modified: Oct 23, 2025

PUBLISHED

Description

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well.

Vendor	Product	Versions
Vilar	VS-IPC1002	affected `1.1.0.18`

Weaknesses (CWE)

CWE-79

References

https://cert.pl/en/posts/2025/10/CVE-2025-53701

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-53701

Description

Affected Products

Weaknesses (CWE)

References