Filtered by vendor Commax
Subscriptions
Filtered by product Smart Home System
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-47708 | 1 Commax | 1 Smart Home System | 2025-12-10 | N/A |
| COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate database queries and gain unauthorized access. | ||||
| CVE-2021-47709 | 1 Commax | 1 Smart Home System | 2025-12-10 | N/A |
| COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint. | ||||
| CVE-2021-47710 | 1 Commax | 1 Smart Home System | 2025-12-10 | N/A |
| COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp endpoint. Attackers can access sensitive information, including login credentials and DVR settings, by submitting a GET request to this endpoint. | ||||
Page 1 of 1.