COMMAX Biometric Access Control System Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in COMMAX Biometric Access Control System version 1.0.0. The application is susceptible to cookie poisoning: an unauthenticated attacker can forge cookies to bypass authentication, access sensitive and confidential information, and bypass physical controls in smart homes and buildings.

Impact

Successful exploitation bypasses authentication, giving an attacker unauthorized access to sensitive information and the ability to circumvent physical controls in smart homes and buildings.

Reproduction

The vulnerability can be reproduced by forging cookies to include specific values that bypass authentication checks. Once the cookies are set, an unauthenticated request can be made to the application, such as requesting the 'db_dump.php' file, which will return sensitive information like SQL backups.
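
The following is an added illustration for defenders, not COMMAX code and not part of the original advisory: it contrasts an authentication check that trusts client-supplied cookie values with one that accepts only a server-issued, HMAC-signed session. The cookie names (logged_in, user, session), the key handling and the handler are hypothetical assumptions; the advisory does not disclose the product's actual cookie names or logic.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: per-device secret created at first boot, never sent to clients.
SERVER_KEY = secrets.token_bytes(32)
SESSION_TTL = 900  # seconds a session stays valid

def _tag(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def weak_is_authenticated(cookies):
    """Flawed pattern (hypothetical names): trusts values the client controls."""
    return cookies.get("logged_in") == "1" and bool(cookies.get("user"))

def issue_session(user, now=None):
    """Called only after a successful login; returns 'user|expiry|tag'."""
    if "|" in user:
        raise ValueError("separator not allowed in user name")
    expiry = int(time.time() if now is None else now) + SESSION_TTL
    payload = f"{user}|{expiry}"
    return f"{payload}|{_tag(payload)}"

def verify_session(cookies, now=None):
    """Return the user for an untampered, unexpired cookie, else None."""
    parts = cookies.get("session", "").split("|")
    if len(parts) != 3:
        return None
    user, expiry, tag = parts
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(tag.encode(), _tag(f"{user}|{expiry}").encode()):
        return None
    # The tag matched, so expiry is the integer the server wrote.
    if int(expiry) < (time.time() if now is None else now):
        return None
    return user

def handle_backup_request(cookies):
    """Gate a sensitive endpoint, such as a database dump, on the verified session."""
    return 200 if verify_session(cookies) else 401
```

Every sensitive script has to call the verified check itself; a backup or dump endpoint that skips it stays reachable no matter how the login page behaves.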

Added: Dec 9, 2025, 9:59 PM
Updated: Dec 9, 2025, 9:59 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 1.3
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.