Search criteria
2 vulnerabilities by Vilar
CVE-2025-53701 (GCVE-0-2025-53701)
Vulnerability from cvelistv5 – Published: 2025-10-23 13:39 – Updated: 2025-10-23 14:56
VLAI?
Summary
Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users.
The vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Vilar | VS-IPC1002 |
Affected:
1.1.0.18
(custom)
|
Credits
Szymon Paszun
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53701",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T14:56:06.990606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T14:56:20.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "VS-IPC1002",
"vendor": "Vilar",
"versions": [
{
"status": "affected",
"version": "1.1.0.18",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Szymon Paszun"
}
],
"datePublic": "2025-10-23T14:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVilar \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVS-IPC1002 \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIP cameras are \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerable to Reflected XSS (Cross-site Scripting) \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eattacks, because parameters in \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eGET requests sent to /cgi-bin\u003c/span\u003e/action endpoint are not sanitized properly, making it possible to target logged in admin users.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003eThe vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well."
}
],
"value": "Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users.\nThe vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T13:39:46.472Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"url": "https://cert.pl/en/posts/2025/10/CVE-2025-53701"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "XSS vulnerability in Vilar VS-IPC1002 IP cameras",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-53701",
"datePublished": "2025-10-23T13:39:46.472Z",
"dateReserved": "2025-07-08T14:49:12.283Z",
"dateUpdated": "2025-10-23T14:56:20.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53702 (GCVE-0-2025-53702)
Vulnerability from cvelistv5 – Published: 2025-10-23 13:39 – Updated: 2025-10-23 14:56
VLAI?
Summary
Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required.
The vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well.
Severity ?
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Vilar | VS-IPC1002 |
Affected:
1.1.0.18
(custom)
|
Credits
Szymon Paszun
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53702",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T14:56:43.790725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T14:56:58.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "VS-IPC1002",
"vendor": "Vilar",
"versions": [
{
"status": "affected",
"version": "1.1.0.18",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Szymon Paszun"
}
],
"datePublic": "2025-10-23T14:04:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vilar \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVS-IPC1002 \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIP cameras are \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request to\u0026nbsp;\u003c/span\u003e/cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required.\u0026nbsp;\u003cbr\u003e\u003c/span\u003e\u003c/span\u003eThe vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well."
}
],
"value": "Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request to\u00a0/cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required.\u00a0\nThe vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T13:39:44.596Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"url": "https://cert.pl/en/posts/2025/10/CVE-2025-53701"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "DoS vulnerability in Vilar VS-IPC1002 IP cameras",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-53702",
"datePublished": "2025-10-23T13:39:44.596Z",
"dateReserved": "2025-07-08T14:49:12.283Z",
"dateUpdated": "2025-10-23T14:56:58.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}