CVE-2021-47708
COMMAX Smart Home IoT Control System SQL Injection Authentication Bypass
CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th
COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate database queries and gain unauthorized access.
| CWE | CWE-89 |
| Vendor | commax co., ltd. |
| Product | smart home iot control system |
| Published | Dec 9, 2025 |
| Last Updated | Apr 7, 2026 |
Affected Versions
COMMAX Co., Ltd. / Smart Home IoT Control System
CDP-1020n 481 System
References
exploit-db.com: https://www.exploit-db.com/exploits/50207
commax.com: https://www.commax.com
zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5662.php
github.com: https://github.com/zeroscience
vulncheck.com: https://www.vulncheck.com/advisories/commax-smart-home-iot-control-system-sql-injection-authentication-bypass
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab