CVE-2021-47708— COMMAX Smart Home IoT Control System SQL Injection Authentication Bypass
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-47708
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
COMMAX Smart Home IoT Control System SQL Injection Authentication Bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate database queries and gain unauthorized access.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
COMMAX Smart Home System SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
COMMAX Smart Home System是韩国COMMAX公司的一个智能家居系统。 COMMAX Smart Home System存在SQL注入漏洞,该漏洞源于loginstart.asp中id参数存在SQL注入问题,可能导致认证绕过。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| COMMAX Co., Ltd. | Smart Home IoT Control System | CDP-1020n | - |
II. Public POCs for CVE-2021-47708
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-47708
请登录查看更多情报信息。
- https://www.commax.comproduct
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5662.phpthird-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-47708
Same Patch Batch · COMMAX Co., Ltd. · 2025-12-09 · 7 CVEs total
| CVE-2021-47709 | COMMAX Smart Home Ruvie CCTV Bridge DVR Service Config Write / DoS | |
| CVE-2021-47710 | COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure | |
| CVE-2021-47705 | CNC_Ctrl DllUnregisterServer Access Violation | |
| CVE-2021-47707 | COMMAX CVD-Axx DVR Weak Default Credentials Stream Disclosure | |
| CVE-2021-47706 | COMMAX Biometric Access Control System Authentication Bypass | |
| CVE-2021-47719 | CNC_Ctrl DllUnregisterServer f5501 Access Violation |
IV. Related Vulnerabilities
Same vendor: COMMAX Co., Ltd.
- CVE-2021-47743
COMMAX Biometric Access Control System 1.0.0 Reflected XSS v - CVE-2021-47719
CNC_Ctrl DllUnregisterServer f5501 Access Violation - CVE-2021-47710
COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credent - CVE-2021-47709
COMMAX Smart Home Ruvie CCTV Bridge DVR Service Config Write - CVE-2021-47707
COMMAX CVD-Axx DVR Weak Default Credentials Stream Disclosur
Same weakness: CWE-89
- CVE-2021-47941
WordPress Plugin Survey & Poll 1.5.7.3 SQL Injection via sss - CVE-2021-47930
Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthentic - CVE-2021-47928
Opencart TMD Vendor System 3.x Blind SQL Injection via produ - CVE-2026-8231
CodeAstro Online Catering Ordering System deleteorder.php sq - CVE-2025-14179
SQL injection in pdo_firebird via NUL bytes in quoted string
V. Comments for CVE-2021-47708
No comments yet