| Title | comet system T7611 1-5-7-5.1252 / 1.60 Missing Authentication for Critical Function |
|---|---|
| Description | The web-based management interface of Comet System network sensor devices lacks authentication controls by default. Attackers can remotely access the administrative configuration page (`http://<device_ip>:8082/setupA.cfg`) without providing credentials. This allows unauthenticated users to modify critical device settings, including:<br>- Security Configuration: Enabling/disabling security features, setting administrator/user passwords.<br>- Web Server Controls: Disabling the embedded web server or altering the listening port (default: 8082).<br>- Network and Protocol Settings: Modifying alarm limits, SNMP/Syslog parameters, email notifications, and backup/restore configurations.<br>- Service Disruption: Changing NTP synchronization, web refresh intervals, or factory resetting the device.<br>The vulnerability arises because the “Security” feature in the WWW and Security settings is disabled by default, allowing unrestricted access to privileged functions. While the interface provides an option to enable security (requiring administrator/user passwords), this is not enforced in the default configuration. |
| Source | https://github.com/zeke2997/CVE_request_comet_system |
| User | zeke (UID 84610) |
| Submission | 06/18/2025 18:11 (12 months ago) |
| Moderation | 06/27/2025 07:30 (9 days later) |
| Status | Accepted |
| VulDB entry | 314074 [Comet System H3531 1.60 Web-based Management Interface /setupA.cfg missing authentication] |
| Points | 20 |