22 matches found
EUVD-2021-34730
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint...
EUVD-2021-34731
COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate...
CVE-2021-47709
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint...
CVE-2021-47710 COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure
COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp endpoint. Attackers can access sensitive information, including login credentials and DVR settings, by submitting a GET request ...
CVE-2021-47710 COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure
COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp endpoint. Attackers can access sensitive information, including login credentials and DVR settings, by submitting a GET request ...
CVE-2021-47710
CVE-2021-47710 affects COMMAX Smart Home System (Ruvie CCTV Bridge DVR Service). An unauthenticated attacker can disclose RTSP credentials in plain text via the /overview.asp endpoint by issuing a GET request, exposing login credentials and DVR settings. The vulnerability is described with high i...
CVE-2021-47709 COMMAX Smart Home Ruvie CCTV Bridge DVR Service Config Write / DoS
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint...
CVE-2021-47709 COMMAX Smart Home Ruvie CCTV Bridge DVR Service Config Write / DoS
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint...
CVE-2021-47708 COMMAX Smart Home IoT Control System SQL Injection Authentication Bypass
COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate...
CVE-2021-47708
CVE-2021-47708 affects the COMMAX Smart Home System CDP-1020n. A SQL injection in the loginstart.asp id parameter allows an attacker to bypass authentication by sending a crafted POST with malicious id values, manipulating database queries to gain unauthorized access. The Red Hat and EU/NVD-style...
COMMAX Smart Home System 访问控制错误漏洞
COMMAX Smart Home System is a smart home system from the Korean company COMMAX. An access control error vulnerability exists in the COMMAX Smart Home System that stems from a plaintext credential disclosure issue in the overview.asp endpoint, which could lead to the disclosure of sensitive...
COMMAX Smart Home System 访问控制错误漏洞
COMMAX Smart Home System is a smart home system from COMMAX Corporation in South Korea. An access control error vulnerability exists in the COMMAX Smart Home System that stems from a configuration modification issue in the setconf endpoint that could lead to a denial of service...
COMMAX Smart Home System SQL注入漏洞
COMMAX Smart Home System is a smart home system from the Korean company COMMAX. A SQL injection vulnerability exists in COMMAX Smart Home System, which stems from a SQL injection issue in the id parameter of loginstart.asp, which could lead to authentication bypass...
COMMAX Smart Home IoT Control System CDP-1020n SQL Injection
COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: CDP-1020n 481 System Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS
COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: n/a Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life value...
COMMAX Smart Home IoT Control System CDP-1020n - SQL Injection Authentication Bypass
Exploit Title: COMMAX Smart Home IoT Control System CDP-1020n - SQL Injection Authentication Bypass Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass Vendor: COMMAX Co., Ltd. Prodc...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service - Config Write / DoS (Unauthenticated)
Exploit Title: COMMAX Smart Home Ruvie CCTV Bridge DVR Service - Config Write / DoS Unauthenticated Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS Vendor: COMMAX Co., Ltd. Prodcut web page:...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service - RTSP Credentials Disclosure Vulnerability
Exploit Title: COMMAX Smart Home Ruvie CCTV Bridge DVR Service - RTSP Credentials Disclosure Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure Vendor: COMMAX Co., Ltd. Prodcut web page:...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service - RTSP Credentials Disclosure
Exploit Title: COMMAX Smart Home Ruvie CCTV Bridge DVR Service - RTSP Credentials Disclosure Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure Vendor: COMMAX Co., Ltd. Prodcut web page:...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure
Summary COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety. Description The COMMAX CCTV Bridge for the DVR service allows an unauthenticated attacker to disclose RTSP credentials in plain-text. COMMAX Smart Home Ruvie...