CVE-2025-6763

moderate-risk

Published 2025-06-27

A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. Affected by this issue is some unknown functionality of the file /setupA.cfg of the component Web-based Management Interface. Performing manipulation results in missing authentication. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been made public and could be used. There are still doubts about whether this vulnerability truly exists. The vendor explains, that "[d]evices described at CVE are not intended to be exposed into internet and proper security of devices is to end-users."

Do I need to act?

1.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / HIGH complexity

Affected Products (10)

T7611 Firmware

T4511 Firmware

T0510 Firmware

T6640 Firmware

T3510 Firmware

T7511 Firmware

T3511 Firmware

P8510 Firmware

P8552 Firmware

H3531 Firmware

Affected Vendors

Cometsystem

References (6)

Exploit https://github.com/zeke2997/CVE_request_comet_system

Exploit https://github.com/zeke2997/CVE_request_comet_system#poc

Permissions Required https://vuldb.com/?ctiid.314074

Third Party Advisory https://vuldb.com/?id.314074

Third Party Advisory https://vuldb.com/?submit.599848

Exploit https://github.com/zeke2997/CVE_request_comet_system

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 5/34 · Minimal

Exposure 16/34 · Moderate