← voltar
CVE-2025-53701

XSS vulnerability in Vilar VS-IPC1002 IP cameras

CVSS 4.8 MEDIUMEPSS 0.2%CWE-79
Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well.
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Produtos afetados
Vilar · VS-IPC1002

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://cert.pl/en/posts/2025/10/CVE-2025-53701