CVE-2025-53701 MEDIUM

CVE-2025-53701: XSS vulnerability in Vilar VS-IPC1002 IP cameras

Vendor Vilar
Product VS-IPC1002
Weakness CWE-79 · XSS
Published October 23, 2025
Last update October 23, 2025

CVSS base score

4.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well.

Key dates

02Disclosure timeline

October 23, 2025 CVE published
October 23, 2025 Record updated