QwikSec

Security Database

CVE

CWE

Training

CVE-2021-47708

Published: Dec 9, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate database queries and gain unauthorized access.

Vendor	Product	Versions
COMMAX Co., Ltd.	Smart Home IoT Control System	affected `CDP-1020n` affected `481 System`

Weaknesses (CWE)

References

ExploitDB-50207

exploit

Official Product Homepage

product

Zero Science Lab Disclosure (ZSL-2021-5662)

third-party-advisory

Zero Science GitHub Repository

product

VulnCheck Advisory: COMMAX Smart Home IoT Control System SQL Injection Authentication Bypass

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.