CVE-2021-47707
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: VulnCheck

Description
COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-06-16
AI Q&A
2025-12-10
EPSS Evaluated
2026-06-14
NVD
CVE-2021-47707
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
commax cvd-axx_dvr 5.1.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1392 The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability allows unauthorized remote access to video streams and administrative control panels due to weak default credentials, leading to potential exposure of sensitive personal or surveillance data. Such unauthorized disclosure and access could violate data protection requirements under standards like GDPR and HIPAA, which mandate strict controls over personal and sensitive information to ensure confidentiality and prevent unauthorized access. Therefore, exploitation of this vulnerability could result in non-compliance with these regulations by compromising the privacy and security of protected data. [2, 3, 4]

Executive Summary

This vulnerability exists in COMMAX CVD-Axx DVR version 5.1.4, where weak default administrative credentials are set. Specifically, the device allows remote attackers to access the web control panel by sending a POST request with the 'passkey' parameter set to '1234'. This enables unauthorized access and disclosure of the RTSP stream.

Impact Analysis

An attacker exploiting this vulnerability can gain unauthorized remote access to the DVR's web control panel, potentially allowing them to view or manipulate video streams and device settings. This can lead to privacy breaches, unauthorized surveillance, and control over the device.

Detection Guidance

This vulnerability can be detected by checking for the presence of the COMMAX CVD-Axx DVR 5.1.4 device on your network and attempting to access its web control panel using a POST request with the 'passkey' parameter set to '1234'. For example, you can use a command like: curl -X POST -d "passkey=1234" http://<device-ip>/ to see if access is granted.

Mitigation Strategies

Immediate mitigation steps include changing the default administrative credentials on the COMMAX CVD-Axx DVR device to a strong, unique password to prevent unauthorized access. Additionally, restrict network access to the device's web control panel to trusted hosts only.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47707. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart