CVE-2021-47706— COMMAX Biometric Access Control System Authentication Bypass
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-47706
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
COMMAX Biometric Access Control System Authentication Bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass authentication and disclose sensitive information.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在信任Cookie未进行验证与完整性检查
Source: NVD (National Vulnerability Database)
Vulnerability Title
COMMAX Biometric Access Control System 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
COMMAX Biometric Access Control System是韩国COMMAX公司的一个生物识别门禁系统。 COMMAX Biometric Access Control System 1.0.0版本存在安全漏洞,该漏洞源于cookie投毒问题,可能导致认证绕过和信息泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| COMMAX Co., Ltd. | COMMAX Biometric Access Control System | 1.0.0 | - |
II. Public POCs for CVE-2021-47706
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-47706
请登录查看更多情报信息。
- https://www.commax.comproduct
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5661.phpthird-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-47706
Same Patch Batch · COMMAX Co., Ltd. · 2025-12-09 · 7 CVEs total
| CVE-2021-47709 | COMMAX Smart Home Ruvie CCTV Bridge DVR Service Config Write / DoS | |
| CVE-2021-47708 | COMMAX Smart Home IoT Control System SQL Injection Authentication Bypass | |
| CVE-2021-47710 | COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure | |
| CVE-2021-47705 | CNC_Ctrl DllUnregisterServer Access Violation | |
| CVE-2021-47707 | COMMAX CVD-Axx DVR Weak Default Credentials Stream Disclosure | |
| CVE-2021-47719 | CNC_Ctrl DllUnregisterServer f5501 Access Violation |
IV. Related Vulnerabilities
Same vendor: COMMAX Co., Ltd.
- CVE-2021-47743
COMMAX Biometric Access Control System 1.0.0 Reflected XSS v - CVE-2021-47719
CNC_Ctrl DllUnregisterServer f5501 Access Violation - CVE-2021-47710
COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credent - CVE-2021-47709
COMMAX Smart Home Ruvie CCTV Bridge DVR Service Config Write - CVE-2021-47708
COMMAX Smart Home IoT Control System SQL Injection Authentic
Same weakness: CWE-565
- CVE-2026-39963
Serendipity: Host Header Injection enables authentication co - CVE-2026-5130
Debugger & Troubleshooter <= 1.3.2 - Unauthenticated Privile - CVE-2014-125112
Plack::Middleware::Session::Cookie versions through 0.21 for - CVE-2022-50926
WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation - CVE-2025-14440
JAY Login & Register <= 2.4.01 - Authentication Bypass via C
V. Comments for CVE-2021-47706
No comments yet