CVE-2025-53702
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-23

Last updated on: 2025-11-04

Assigner: CERT.PL

Description
Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request toΒ /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required.Β  The vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-23
Last Modified
2025-11-04
Generated
2026-06-16
AI Q&A
2025-10-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-53702
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
vimicro vs-ipc1002_firmware 1.1.0.18
vimicro vs-ipc1002 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-755 The product does not handle or incorrectly handles an exceptional condition.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-53702 is a Denial-of-Service (DoS) vulnerability in Vilar VS-IPC1002 IP cameras, specifically tested on firmware version 1.1.0.18. An unauthenticated attacker on the same local network can send a specially crafted request to the /cgi-bin/action endpoint, which causes the device to become completely unresponsive. The device requires a manual restart to recover from this state. [1]

Impact Analysis

This vulnerability can cause your Vilar VS-IPC1002 IP camera to become completely unresponsive, effectively denying service. An attacker on the same local network can exploit this to disrupt the camera's operation, potentially causing loss of surveillance or monitoring until the device is manually restarted. [1]

Detection Guidance

This vulnerability can be detected by monitoring network traffic for suspicious HTTP requests sent to the /cgi-bin/action endpoint from devices on the local network. Specifically, look for unauthenticated, crafted requests targeting this endpoint that may cause the device to become unresponsive. A possible detection method is to use network packet capture tools like tcpdump or Wireshark to filter HTTP requests to /cgi-bin/action. For example, a tcpdump command to capture such traffic could be: tcpdump -i <interface> 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' and then filter for requests containing '/cgi-bin/action'. Additionally, monitoring device responsiveness after such requests can help identify exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the Vilar VS-IPC1002 IP cameras to trusted users and devices only, ideally isolating them on a separate VLAN or network segment to prevent unauthenticated attackers on the same local network from reaching the /cgi-bin/action endpoint. Since the vendor has not provided a patch and the device becomes unresponsive after attack, monitoring for suspicious requests and manually restarting affected devices is necessary. Additionally, consider disabling or restricting access to the /cgi-bin/action endpoint if possible, or implementing network-level controls such as firewall rules to block unauthorized requests to this endpoint. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-53702. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart