Critical severityNVD Advisory· Published Dec 9, 2025· Updated Apr 15, 2026

CVE-2021-47708

Description

COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate database queries and gain unauthorized access.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.commax.comnvd
www.exploit-db.com/exploits/50207nvd
www.vulncheck.com/advisories/commax-smart-home-iot-control-system-sql-injection-authentication-bypassnvd
www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5662.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000