exploitDog

CVE-2025-53701

Опубликовано: 23 окт. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well.

Ссылки

https://cert.pl/en/posts/2025/10/CVE-2025-53701
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:vimicro:vs-ipc1002_firmware:1.1.0.18:*:*:*:*:*:*:*

cpe:2.3:h:vimicro:vs-ipc1002:-:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00035

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-9x3p-mvq5-2fgh

CVSS3: 6.1

github

4 месяца назад

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well.

EPSS

Процентиль: 10%

0.00035

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79