CVE-2025-6763

HIGH EPSS 63.1%
Published Jun 27, 2025 (1y ago) · Modified Jun 17, 2026 (1w ago)
8.2 CVSS 4.0
High

Description

A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. Affected by this issue is some unknown functionality of the file /setupA.cfg of the component Web-based Management Interface. Performing manipulation results in missing authentication. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been made public and could be used. There are still doubts about whether this vulnerability truly exists. The vendor explains that "[d]evices described at CVE are not intended to be exposed into internet and proper security of devices is to end-users."

CVSS Details

Base Score: 8.2
Vector string: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: X

Threat Intelligence

EPSS Exploit Probability
63.1% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 2

CWE-287: Improper Authentication [Authentication]
CWE-306: Missing Authentication for Critical Function [Authentication]

Affected Products 20

Vendor       Product          Version        Range
cometsystem  t7611_firmware   1-5-7-5.1252   any
cometsystem  t7611            *              any
cometsystem  t4511_firmware   1-5-7-5.1252   any
cometsystem  t4511            *              any
cometsystem  t0510_firmware   1-5-7-5.1252   any
cometsystem  t0510            *              any
cometsystem  t6640_firmware   1-5-7-5.1252   any
cometsystem  t6640            *              any
cometsystem  t3510_firmware   1-5-7-5.1252   any
cometsystem  t3510            *              any
cometsystem  t7511_firmware   1-5-7-5.1251   any
cometsystem  t7511            *              any
cometsystem  t3511_firmware   1-5-7-2.1151   any
cometsystem  t3511            *              any
cometsystem  p8510_firmware   4-5-8-0.3488   any
cometsystem  p8510            *              any
cometsystem  p8552_firmware   4-5-8-1.3502   any
cometsystem  p8552            *              any
cometsystem  h3531_firmware   9-5-0-1.1327   any
cometsystem  h3531            *              any

References 5

  • github.com https://github.com/zeke2997/CVE_request_comet_system
    Exploit, Third Party Advisory
  • github.com https://github.com/zeke2997/CVE_request_comet_system#poc
    Exploit, Third Party Advisory
  • vuldb.com https://vuldb.com/?ctiid.314074
    Permissions Required, VDB Entry
  • vuldb.com https://vuldb.com/?id.314074
    Third Party Advisory, VDB Entry
  • vuldb.com https://vuldb.com/?submit.599848
    Third Party Advisory, VDB Entry

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.