Critical severityNVD Advisory· Published Dec 9, 2025· Updated Apr 15, 2026

CVE-2021-47707

Description

COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.commax.comnvd
www.exploit-db.com/exploits/50210nvd
www.vulncheck.com/advisories/commax-cvd-axx-dvr-weak-default-credentials-stream-disclosurenvd
www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5667.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000