CVE-2021-47706

Summary

COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass authentication and disclose sensitive information.

Affected Software

VendorProductVersion RangeStatus
COMMAX Co., Ltd.COMMAX Biometric Access Control System1.0.0affected

Weaknesses

  • CWE-565: CWE-565: Reliance on Cookies without Validation and Integrity Checking

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References