CVE-2025-6763

A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. Affected by this issue is some unknown functionality of the file /setupA.cfg of the component Web-based Management Interface. Performing manipulation results in missing authentication. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been made public and could be used. There are still doubts about whether this vulnerability truly exists. The vendor explains, that "[d]evices described at CVE are not intended to be exposed into internet and proper security of devices is to end-users."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
VulDBCNA
8.1 HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
cometsystemt7611_firmware
1-5-7-5.1252
cometsystemt4511_firmware
1-5-7-5.1252
cometsystemt0510_firmware
1-5-7-5.1252
cometsystemt6640_firmware
1-5-7-5.1252
cometsystemt3510_firmware
1-5-7-5.1252
cometsystemt7511_firmware
1-5-7-5.1251
cometsystemt3511_firmware
1-5-7-2.1151
cometsystemp8510_firmware
4-5-8-0.3488
cometsystemp8552_firmware
4-5-8-1.3502
cometsystemh3531_firmware
9-5-0-1.1327
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/zeke2997/CVE_request_comet_system
https://github.com/zeke2997/CVE_request_comet_system#poc
https://vuldb.com/?ctiid.314074
https://vuldb.com/?id.314074
https://vuldb.com/?submit.599848
https://github.com/zeke2997/CVE_request_comet_system