COMMAX Smart Home System RTSP Credentials Disclosure Vulnerability

Vulnerability

A vulnerability in the COMMAX Smart Home System's CCTV Bridge DVR service allows an unauthenticated attacker to access RTSP credentials in plain text. The issue is in the /overview.asp endpoint, which can be exploited by sending a GET request. The response exposes sensitive information such as login credentials and DVR settings.

Impact

Exploitation of this vulnerability leads to unauthorized disclosure of RTSP credentials, which could be used to access video streams or other sensitive information related to the user's DVR settings.

Reproduction

To reproduce this vulnerability, send a GET request to the /overview.asp endpoint on the affected COMMAX Smart Home System. The response will include RTSP credentials in plain text, which can be used to access video streams from the user's DVR.
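
A defender-side check for the exposure described above, as an added example that is not part of the original advisory: it scans web access logs for successful GET requests to /overview.asp from clients outside a management range. It assumes a reverse proxy or network sensor in front of the device writes Common Log Format lines (the advisory does not describe logging); the log lines, IP ranges and function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: only this management range should ever reach the DVR web UI.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Common Log Format prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation IP ranges, made-up sizes).
SAMPLE_LOG = [
    '10.20.0.15 - - [09/Dec/2025:21:40:02 +0000] "GET /overview.asp HTTP/1.1" 200 4312',
    '203.0.113.44 - - [09/Dec/2025:21:41:17 +0000] "GET /overview.asp HTTP/1.1" 200 4312',
    '198.51.100.7 - - [09/Dec/2025:21:42:55 +0000] "GET /Overview.asp?x=1 HTTP/1.1" 200 4312',
    '203.0.113.44 - - [09/Dec/2025:21:43:10 +0000] "GET /index.asp HTTP/1.1" 200 980',
    '198.51.100.9 - - [09/Dec/2025:21:44:01 +0000] "GET /overview.asp HTTP/1.1" 401 0',
]

def is_overview_path(target):
    """Match /overview.asp ignoring query string, case, encoding and extra slashes."""
    path = re.sub(r"/+", "/", unquote(target.split("?", 1)[0]))
    return path.lower() == "/overview.asp"

def is_allowed(client, allowed):
    """Clients that are not parseable IP addresses are treated as untrusted."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False
    return any(addr in net for net in allowed)

def find_exposures(lines, allowed=ALLOWED_NETS):
    """Return (timestamp, client, target) for each 2xx GET of /overview.asp
    that came from outside the allowed networks."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET" or not is_overview_path(m["target"]):
            continue
        if is_allowed(m["client"], allowed):
            continue
        if m["status"].startswith("2"):  # the page was actually served
            findings.append((m["ts"], m["client"], m["target"]))
    return findings

if __name__ == "__main__":
    for finding in find_exposures(SAMPLE_LOG):
        print("possible credential disclosure:", finding)
```

Any hit means the RTSP credentials served in that response should be treated as disclosed and rotated.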

Added: Dec 9, 2025, 9:56 PM
Updated: Dec 9, 2025, 9:56 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 1.3
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.