← voltar
CVE-2025-6763

Comet System H3531 Web-based Management setupA.cfg missing authentication

CVSS 9.2 CRITICALEPSS 1.2%CWE-287CWE-306
Vexday Risk Score
48Atenção
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS 9.2EPSS 1.2%KEV nãoPoC públicaNuclei Metasploit Patch referenciado
Ciclo de vida
27 jun 2025Publicada no NVD
Recomendação: Planejar correção próxima — já existe PoC pública.
A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. Affected by this issue is some unknown functionality of the file /setupA.cfg of the component Web-based Management Interface. Performing manipulation results in missing authentication. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been made public and could be used. There are still doubts about whether this vulnerability truly exists. The vendor explains, that "[d]evices described at CVE are not intended to be exposed into internet and proper security of devices is to end-users."
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Produtos afetados
Comet System · H3531Comet System · P8510Comet System · P8552Comet System · T0510Comet System · T3510Comet System · T3511Comet System · T4511Comet System · T6640Comet System · T7511Comet System · T7611
PoCs públicas encontradas1
cve_referencegithub.com/zeke2997/CVE_request_comet_system#pocnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/zeke2997/CVE_request_comet_systemhttps://github.com/zeke2997/CVE_request_comet_system#pochttps://vuldb.com/?ctiid.314074https://vuldb.com/?id.314074https://vuldb.com/?submit.599848