Description

COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass authentication and disclose sensitive information.

PUBLISHED | Reserved 2025-12-05 | Published 2025-12-09 | Updated 2025-12-10 | Assigner VulnCheck




HIGH: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)

Problem types

CWE-565: Reliance on Cookies without Validation and Integrity Checking

Product status

Default status: unaffected

1.0.0: affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab (finder)

References

www.exploit-db.com/exploits/50206 (ExploitDB-50206) [exploit]

www.commax.com (Official Product Homepage) [product]

www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5661.php (Zero Science Lab Disclosure (ZSL-2021-5661)) [third-party-advisory]

www.commax.com/product/ (COMMAX Biometric Access Control System 1.0.0 Product Page) [product]

www.vulncheck.com/...ss-control-system-authentication-bypass (VulnCheck Advisory: COMMAX Biometric Access Control System Authentication Bypass) [third-party-advisory]

cve.org (CVE-2021-47706)

nvd.nist.gov (CVE-2021-47706)
