CVE-2021-47706

COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass authentication and disclose sensitive information.

CVSS

No CVSS.

References

Link	Resource
https://www.commax.com
https://www.commax.com/product/
https://www.exploit-db.com/exploits/50206
https://www.vulncheck.com/advisories/commax-biometric-access-control-system-authentication-bypass
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5661.php

Configurations

No configuration.

History

No history.

Information

Published : 2025-12-09 21:15

Updated : 2025-12-12 15:19

NVD link : CVE-2021-47706

Mitre link : CVE-2021-47706

CVE.ORG link : CVE-2021-47706

JSON object : View

Products Affected

No product.

CWE

CWE-565

Reliance on Cookies without Validation and Integrity Checking

{"id": "CVE-2021-47706", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-12-09T21:15:49.507", "references": [{"url": "https://www.commax.com", "source": "disclosure@vulncheck.com"}, {"url": "https://www.commax.com/product/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/50206", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/commax-biometric-access-control-system-authentication-bypass", "source": "disclosure@vulncheck.com"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5661.php", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-565"}]}], "descriptions": [{"lang": "en", "value": "COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass authentication and disclose sensitive information."}], "lastModified": "2025-12-12T15:19:07.567", "sourceIdentifier": "disclosure@vulncheck.com"}