CNNVD-202512-1119 Information

CNNVD ID

CNNVD-202512-1119

Related CVE

CVE-2021-47708

• CNNVD Published: 2025-12-09

Description (Chinese)

COMMAX Smart Home System是韩国COMMAX公司的一个智能家居系统。 COMMAX Smart Home System存在SQL注入漏洞，该漏洞源于loginstart.asp中id参数存在SQL注入问题，可能导致认证绕过。

Description (English)

COMMAX Smart Home System is an intelligent home system for COMMAX in Korea. COMMAX Smart Home System has an SQL injection loophole, which stems from the SQL injection problem of the loginstart.asp mediumd parameter, which may lead to the authentication circumvention.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

COMMAX

Published

2025-12-09

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/commax-smart-home-iot-control-system-sql-injection-authentication-bypass https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5662.php https://www.exploit-db.com/exploits/50207 https://www.commax.com https://github.com/zeroscience https://access.redhat.com/security/cve/cve-2021-47708