Back to search
CVE-2021-47707
Published: Dec 9, 2025
Modified: Apr 7, 2026
PUBLISHED
Description
COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel.
| Vendor | Product | Versions |
|---|---|---|
COMMAX Co., Ltd. | COMMAX CVD-Axx DVR | affected CVD-AH04 DVR 4.4.1 |
Weaknesses (CWE)
References
ExploitDB-50210
exploit
Official Product Homepage
product
Zero Science Lab Disclosure (ZSL-2021-5667)
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now