SQL Injection in Commax Co., Ltd. Smart Home Iot Control System
CVE-2021-47708
COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending…
Vulnerability class: SQL Injection
EPSS: 0.004 (33.3th percentile) — read the EPSS interpretation.
Affected products
- Commax Co., Ltd. Smart Home Iot Control System — versions CDP-1020n, 481 System
Weakness classification (CWE)
References
- disclosure@vulncheck.com (exploit)
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (third-party-advisory)
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (third-party-advisory)