{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2021-47706", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-12-05T19:10:29.045Z", "datePublished": "2025-12-09T20:37:44.232Z", "dateUpdated": "2026-04-07T14:05:34.150Z" }, "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "COMMAX Biometric Access Control System", "vendor": "COMMAX Co., Ltd.", "versions": [ { "status": "affected", "version": "1.0.0" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "
COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass authentication and disclose sensitive information.
" } ], "value": "COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass authentication and disclose sensitive information." } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-565", "description": "CWE-565: Reliance on Cookies without Validation and Integrity Checking", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T14:05:34.150Z" }, "references": [ { "name": "ExploitDB-50206", "tags": [ "exploit" ], "url": "https://www.exploit-db.com/exploits/50206" }, { "name": "Official Product Homepage", "tags": [ "product" ], "url": "https://www.commax.com" }, { "name": "Zero Science Lab Disclosure (ZSL-2021-5661)", "tags": [ "third-party-advisory" ], "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5661.php" }, { "name": "COMMAX Biometric Access Control System 1.0.0 Product Page", "tags": [ "product" ], "url": "https://www.commax.com/product/" }, { "name": "VulnCheck Advisory: COMMAX Biometric Access Control System Authentication Bypass", "tags": [ "third-party-advisory" ], "url": "https://www.vulncheck.com/advisories/commax-biometric-access-control-system-authentication-bypass" } ], "source": { "discovery": "UNKNOWN" }, "title": "COMMAX Biometric Access Control System Authentication Bypass", "x_generator": { "engine": "vulncheck" }, "datePublic": "2021-08-16T00:00:00.000Z" }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2025-12-10T15:39:17.857349Z", "id": "CVE-2021-47706", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-10T15:39:38.212Z" } } ] } }