PT-2025-27143 · Comet · Comet System T7511+9
Zeke · Published 2025-06-27 · Updated 2025-10-14 · CVE-2025-6763
CVSS v4.0: 8.2 High
| Vector | AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 version 1.60
Description:
A critical vulnerability was found in the Web-based Management Interface component of the affected systems, specifically affecting the file /setupA.cfg. This issue leads to missing authentication. To exploit this vulnerability, access to the local network is required, and the complexity of the attack is considered high, making exploitation difficult. The exploit has been publicly disclosed.
Recommendations:
For Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 version 1.60, as a temporary workaround, consider restricting access to the Web-based Management Interface until a patch is available. Additionally, restrict access to the local network to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Authentication
Improper Authentication
Related Identifiers
Affected Products
Comet System H3531
Comet System P8510
Comet System P8552
Comet System T0510
Comet System T3510
Comet System T3511
Comet System T4511
Comet System T6640
Comet System T7511
Comet System T7611