SQL Injection in Commax Co., Ltd. Smart Home Iot Control System

CVE-2021-47708

COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending…

Vulnerability class: SQL Injection

EPSS: 0.004 (33.3th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References