CVE-2025-6763

Summary

A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. Affected by this issue is some unknown functionality of the file /setupA.cfg of the component Web-based Management Interface. Performing manipulation results in missing authentication. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been made public and could be used. There are still doubts about whether this vulnerability truly exists. The vendor explains, that "[d]evices described at CVE are not intended to be exposed into internet and proper security of devices is to end-users."

Affected Software

VendorProductVersion RangeStatus
Comet SystemT05101.60affected
Comet SystemT35101.60affected
Comet SystemT35111.60affected
Comet SystemT45111.60affected
Comet SystemT66401.60affected
Comet SystemT75111.60affected
Comet SystemT76111.60affected
Comet SystemP85101.60affected
Comet SystemP85521.60affected
Comet SystemH35311.60affected

Weaknesses

  • CWE-306: Missing Authentication
  • CWE-287: Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References