VYPR
Vendor

Commax

Products
5
CVEs
6
Across products
6
Status
Private

Products

5

Recent CVEs

6
  • CVE-2021-47708CriDec 9, 2025
    risk 0.60cvss epss 0.00

    COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id'…

  • CVE-2021-47707CriDec 9, 2025
    risk 0.60cvss epss 0.00

    COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel.

  • CVE-2021-47719HigDec 9, 2025
    risk 0.57cvss epss 0.00

    COMMAX WebViewer ActiveX Control 2.1.4.5 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit boundary errors in Commax_WebViewer.ocx to cause buffer…

  • CVE-2021-47706HigDec 9, 2025
    risk 0.57cvss epss 0.00

    COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge…

  • CVE-2021-47743MedDec 31, 2025
    risk 0.40cvss 6.1epss 0.00

    COMMAX Biometric Access Control System 1.0.0 contains an unauthenticated reflected cross-site scripting vulnerability in cookie parameters 'CMX_ADMIN_NM' and 'CMX_COMPLEX_NM'. Attackers can inject malicious HTML and JavaScript code into these cookie values to execute arbitrary…

  • CVE-2019-19163Jun 30, 2020
    risk 0.00cvss epss 0.01

    A Vulnerability in the firmware of COMMAX WallPad(CDP-1020MB) allow an unauthenticated adjacent attacker to execute arbitrary code, because of a using the old version of MySQL.