MidnightBSD

Advisories for cometsystem

CVE-2025-6763 HIGH

A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. Affected by this issue is some unknown functionality of the file /setupA.cfg of the component Web-based Management Interface. Performing manipulation results in missing authentication. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been made public and could be used. There are still doubts about whether this vulnerability truly exists. The vendor explains, that "[d]evices described at CVE are not intended to be exposed into internet and proper security of devices is to end-users."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 7.5 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-306,CWE-306,

Products Affected

Vendor Product Version
cometsystem t7611_firmware 1-5-7-5.1252
cometsystem t4511_firmware 1-5-7-5.1252
cometsystem t6640_firmware 1-5-7-5.1252
cometsystem p8510_firmware 4-5-8-0.3488
cometsystem h3531_firmware 9-5-0-1.1327
cometsystem t3511_firmware 1-5-7-2.1151
cometsystem t0510_firmware 1-5-7-5.1252
cometsystem t3510_firmware 1-5-7-5.1252
cometsystem p8552_firmware 4-5-8-1.3502
cometsystem t7511_firmware 1-5-7-5.1251