CVE-2021-47706

COMMAX Biometric Access Control System Authentication Bypass

CVSS 8.7 HIGHEPSS 0.4%CWE-565

COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass authentication and disclose sensitive information.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

COMMAX Co., Ltd. · COMMAX Biometric Access Control System

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.commax.com https://www.commax.com/product/https://www.exploit-db.com/exploits/50206 https://www.vulncheck.com/advisories/commax-biometric-access-control-system-authentication-bypass https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5661.php