Primary

Context

COMMAX Smart Home System SQL Injection Authentication Bypass Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in the COMMAX Smart Home System CDP-1020n. This vulnerability allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Exploitation involves sending a POST request with malicious 'id' values to manipulate database queries and gain unauthorized access.

Impact

Exploitation of this vulnerability allows for authentication bypass, unauthorized access to the system, and potential manipulation of database information.

Reproduction

To reproduce this vulnerability, send a POST request to 'loginstart.asp' with a crafted 'id' parameter that includes SQL injection payloads. The injection should exploit the application's SQL query handling to bypass authentication.

Added: Dec 9, 2025, 9:57 PM

Updated: Dec 9, 2025, 9:57 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

COMMAX Smart Home System SQL Injection Authentication Bypass Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating