ГлавнаяУязвимости → CVE-2025-6763
8.1высокая

CVE-2025-6763

Описание

A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. Affected by this issue is some unknown functionality of the file /setupA.cfg of the component Web-based Management Interface. Performing manipulation results in missing authentication. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been made public and could be used. There are still doubts about whether this vulnerability truly exists. The vendor explains, that "[d]evices described at CVE are not intended to be exposed into internet and proper security of devices is to end-users."

Затрагиваемое ПО
Cometsystem T7611 firmwareCometsystem T7611Cometsystem T4511 firmwareCometsystem T4511Cometsystem T0510 firmwareCometsystem T0510Cometsystem T6640 firmwareCometsystem T6640Cometsystem T3510 firmwareCometsystem T3510Cometsystem T7511 firmwareCometsystem T7511Cometsystem T3511 firmwareCometsystem T3511Cometsystem P8510 firmwareCometsystem P8510Cometsystem P8552 firmwareCometsystem P8552Cometsystem H3531 firmwareCometsystem H3531
CVSS
Балл8.1 — высокая
ВекторCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/zeke2997/CVE_request_comet_systemhttps://github.com/zeke2997/CVE_request_comet_system#pochttps://vuldb.com/?ctiid.314074https://vuldb.com/?id.314074https://vuldb.com/?submit.599848https://github.com/zeke2997/CVE_request_comet_system