ByteOS Network

Vulnerability Details :

CVE-2021-47706

Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10

Published At-09 Dec, 2025 | 20:37

Updated At-10 Dec, 2025 | 15:39

COMMAX Biometric Access Control System Authentication Bypass

COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass authentication and disclose sensitive information.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulnCheck

Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10

Published At:09 Dec, 2025 | 20:37

Updated At:10 Dec, 2025 | 15:39

▼CVE Numbering Authority (CNA)

COMMAX Biometric Access Control System Authentication Bypass

Affected Products

Vendor

COMMAX Co., Ltd.

Product

COMMAX Biometric Access Control System

Default Status

unaffected

Versions

Affected

1.0.0

Problem Types

Type	CWE ID	Description
CWE	CWE-565	CWE-565: Reliance on Cookies without Validation and Integrity Checking

Type: CWE

CWE ID: CWE-565

Description: CWE-565: Reliance on Cookies without Validation and Integrity Checking

Metrics

Version	Base score	Base severity	Vector
4.0	8.7	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Version: 4.0

Base score: 8.7

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Credits

finder

LiquidWorm as Gjoko Krstic of Zero Science Lab

References

Hyperlink	Resource
https://www.exploit-db.com/exploits/50206	exploit
https://www.commax.com	product
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5661.php	third-party-advisory
https://www.commax.com/product/	product
https://www.vulncheck.com/advisories/commax-biometric-access-control-system-authentication-bypass	third-party-advisory

Hyperlink: https://www.exploit-db.com/exploits/50206

Resource:

exploit

Hyperlink: https://www.commax.com

Resource:

product

Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5661.php

Resource:

third-party-advisory

Hyperlink: https://www.commax.com/product/

Resource:

product

Hyperlink: https://www.vulncheck.com/advisories/commax-biometric-access-control-system-authentication-bypass

Resource:

third-party-advisory

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:disclosure@vulncheck.com

Published At:09 Dec, 2025 | 21:15

Updated At:12 Dec, 2025 | 15:19

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	8.7	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 8.7

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X