COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass

Title: COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass
Advisory ID: ZSL-2021-5662
Type: Local/Remote
Impact: System Access, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data, Security Bypass
Risk: (5/5)
Release Date: 15.08.2021
Summary
COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety.
Description
The application suffers from an SQL Injection vulnerability. Input passed through the 'id' POST parameter in 'loginstart.asp' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and bypass the authentication mechanism.
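The root cause described above, modelled as an added example (not code from the advisory or from COMMAX): a login check that builds its query by string concatenation, next to one that binds the 'id' and password values as parameters. The table layout, function names, sample account and SQLite backend are assumptions; the device's actual query is not shown on this page.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the credential store (constructed sample data).
    Plaintext password only to keep the sample short; real stores hold salted hashes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id TEXT PRIMARY KEY, pw TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES ('resident01', 'constructed-secret')")
    return db


def login_concat(db, user_id, password):
    """Unsafe pattern: request values are spliced into the SQL text,
    so any quote in 'id' becomes part of the statement itself."""
    sql = ("SELECT 1 FROM users WHERE id = '" + user_id +
           "' AND pw = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_param(db, user_id, password):
    """Hardened pattern: values are bound as parameters and never parsed as SQL."""
    sql = "SELECT 1 FROM users WHERE id = ? AND pw = ?"
    return db.execute(sql, (user_id, password)).fetchone() is not None


def quote_reaches_parser(login, db):
    """Regression check for a login handler: a benign id containing an
    apostrophe must not alter the statement. A parser error means the
    input is being interpreted as SQL rather than as data."""
    try:
        login(db, "o'neil", "x")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    for fn in (login_concat, login_param):
        print(fn.__name__, "input parsed as SQL:", quote_reaches_parser(fn, db))
```

The same apostrophe check can be run against a patched login endpoint in a test environment: a clean "login failed" response is the expected result, while a database error indicates the query is still built from raw input.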
Vendor
COMMAX Co., Ltd. - https://www.commax.com
Affected Version
CDP-1020n
481 System
Tested On
Microsoft-IIS/7.5
ASP.NET
Vendor Status
[02.08.2021] Vulnerability discovered.
[03.08.2021] Vendor contacted.
[04.08.2021] Vendor contacted.
[05.08.2021] No response from the vendor.
[06.08.2021] Vendor contacted.
[14.08.2021] No response from the vendor.
[15.08.2021] Public security advisory released.
PoC
commax_sqli_auth.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://www.exploit-db.com/exploits/50207
[2] https://packetstormsecurity.com/files/163844
[3] https://cxsecurity.com/issue/WLB-2021080064
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/207575
Changelog
[15.08.2021] - Initial release
[23.08.2021] - Added reference [1], [2], [3] and [4]
Contact
Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk