cvedb.io
CVE-2025-53701
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2025-10-23T14:15:39.107 · Last modified 2026-06-17T09:38:43.920

Summary

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well.

Affected products

vimicro — vs-ipc1002_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when vimicro ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.