22 matches found
EUVD-2021-34731
COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate...
EUVD-2021-34730
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint...
CVE-2021-47709
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint...
CVE-2021-47710 COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure
COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp endpoint. Attackers can access sensitive information, including login credentials and DVR settings, by submitting a GET request ...
CVE-2021-47710
CVE-2021-47710 affects COMMAX Smart Home System (Ruvie CCTV Bridge DVR Service). An unauthenticated attacker can disclose RTSP credentials in plain text via the /overview.asp endpoint by issuing a GET request, exposing login credentials and DVR settings. The vulnerability is described with high i...
CVE-2021-47710 COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure
COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp endpoint. Attackers can access sensitive information, including login credentials and DVR settings, by submitting a GET request ...
CVE-2021-47709 COMMAX Smart Home Ruvie CCTV Bridge DVR Service Config Write / DoS
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint...
CVE-2021-47709 COMMAX Smart Home Ruvie CCTV Bridge DVR Service Config Write / DoS
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint...
CVE-2021-47708 COMMAX Smart Home IoT Control System SQL Injection Authentication Bypass
COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate...
CVE-2021-47708
CVE-2021-47708 affects the COMMAX Smart Home System CDP-1020n. A SQL injection in the loginstart.asp id parameter allows an attacker to bypass authentication by sending a crafted POST with malicious id values, manipulating database queries to gain unauthorized access. The Red Hat and EU/NVD-style...
COMMAX Smart Home System SQL注入漏洞
COMMAX Smart Home System is a smart home system from the Korean company COMMAX. A SQL injection vulnerability exists in COMMAX Smart Home System, which stems from a SQL injection issue in the id parameter of loginstart.asp, which could lead to authentication bypass...
COMMAX Smart Home System 访问控制错误漏洞
COMMAX Smart Home System is a smart home system from the Korean company COMMAX. An access control error vulnerability exists in the COMMAX Smart Home System that stems from a plaintext credential disclosure issue in the overview.asp endpoint, which could lead to the disclosure of sensitive...
COMMAX Smart Home System 访问控制错误漏洞
COMMAX Smart Home System is a smart home system from COMMAX Corporation in South Korea. An access control error vulnerability exists in the COMMAX Smart Home System that stems from a configuration modification issue in the setconf endpoint that could lead to a denial of service...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service - RTSP Credentials Disclosure Vulnerability
Exploit Title: COMMAX Smart Home Ruvie CCTV Bridge DVR Service - RTSP Credentials Disclosure Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure Vendor: COMMAX Co., Ltd. Prodcut web page:...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service - Config Write / DoS (Unauthenticated)
Exploit Title: COMMAX Smart Home Ruvie CCTV Bridge DVR Service - Config Write / DoS Unauthenticated Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS Vendor: COMMAX Co., Ltd. Prodcut web page:...
COMMAX Smart Home IoT Control System CDP-1020n SQL Injection
COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: CDP-1020n 481 System Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service - RTSP Credentials Disclosure
Exploit Title: COMMAX Smart Home Ruvie CCTV Bridge DVR Service - RTSP Credentials Disclosure Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure Vendor: COMMAX Co., Ltd. Prodcut web page:...
COMMAX Smart Home IoT Control System CDP-1020n - SQL Injection Authentication Bypass
Exploit Title: COMMAX Smart Home IoT Control System CDP-1020n - SQL Injection Authentication Bypass Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass Vendor: COMMAX Co., Ltd. Prodc...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS
COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: n/a Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life value...
COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass
Summary COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety. Description The application suffers from an SQL Injection vulnerability. Input passed through the 'id' POST parameter in 'loginstart.asp' is not properly...