CVE-2021-47706 HIGH

CVE-2021-47706: COMMAX Biometric Access Control System Authentication Bypass

Vendor Commax Co., Ltd.
Product COMMAX Biometric Access Control System
Weakness CWE-565 · Reliance on cookies
Published December 9, 2025
Last update April 7, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass authentication and disclose sensitive information.

Key dates

02Disclosure timeline

December 9, 2025 CVE published
April 7, 2026 Record updated