CVE-2025-6763

Exploit

EPSS 0.72%
Veröffentlicht 27.06.2025 11:31:06
Zuletzt bearbeitet 08.10.2025 19:15:45
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. Affected by this issue is some unknown functionality of the file /setupA.cfg of the component Web-based Management Interface. Performing manipulation results in missing authentication. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been made public and could be used. There are still doubts about whether this vulnerability truly exists. The vendor explains, that "[d]evices described at CVE are not intended to be exposed into internet and proper security of devices is to end-users."

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cometsystem ≫ T7611 Firmware Version1-5-7-5.1252

Cometsystem ≫ T7611 Version-

Cometsystem ≫ T4511 Firmware Version1-5-7-5.1252

Cometsystem ≫ T4511 Version-

Cometsystem ≫ T0510 Firmware Version1-5-7-5.1252

Cometsystem ≫ T0510 Version-

Cometsystem ≫ T6640 Firmware Version1-5-7-5.1252

Cometsystem ≫ T6640 Version-

Cometsystem ≫ T3510 Firmware Version1-5-7-5.1252

Cometsystem ≫ T3510 Version-

Cometsystem ≫ T7511 Firmware Version1-5-7-5.1251

Cometsystem ≫ T7511 Version-

Cometsystem ≫ T3511 Firmware Version1-5-7-2.1151

Cometsystem ≫ T3511 Version-

Cometsystem ≫ P8510 Firmware Version4-5-8-0.3488

Cometsystem ≫ P8510 Version-

Cometsystem ≫ P8552 Firmware Version4-5-8-1.3502

Cometsystem ≫ P8552 Version-

Cometsystem ≫ H3531 Firmware Version9-5-0-1.1327

Cometsystem ≫ H3531 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.72%	0.72

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	8.2	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	7.6	4.9	10	AV:N/AC:H/Au:N/C:C/I:C/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://vuldb.com/?id.314074

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.314074

VDB Entry

Permissions Required

https://vuldb.com/?submit.599848

Third Party Advisory

VDB Entry

https://github.com/zeke2997/CVE_request_comet_system

Third Party Advisory

Exploit