← Advisories

COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass

Critical
Advisory ID
ZSL-2021-5662
Release Date
15 August 2021
Vendor
COMMAX Co., Ltd. - https://www.commax.com
Affected Version
CDP-1020n, 481 System
CVE
N/A
Tested On
Microsoft-IIS/7.5, ASP.NET
Summary

COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety.

Description

The application suffers from an SQL Injection vulnerability. Input passed through the 'id' POST parameter in 'loginstart.asp' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and bypass the authentication mechanism.

Proof of Concept
commax_sqli_auth.txtTXT
Disclosure Timeline
02.08.2021Vulnerability discovered.
03.08.2021Vendor contacted.
04.08.2021Vendor contacted.
05.08.2021No response from the vendor.
06.08.2021Vendor contacted.
14.08.2021No response from the vendor.
15.08.2021Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://www.exploit-db.com/exploits/50207
[2]https://packetstormsecurity.com/files/163844
[3]https://cxsecurity.com/issue/WLB-2021080064
[4]https://exchange.xforce.ibmcloud.com/vulnerabilities/207575
Changelog
15.08.2021Initial release
23.08.2021Added reference [1], [2], [3] and [4]