CVE Catalog

CVE-2026-35904

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Summary

Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via sending a crafted request to a vulnerable CGI component.

Risk Assessment

Attackers may gain access to the Telnet service, potentially leading to unauthorized access to the system and possible takeover of the device.

Recommendation

It is recommended to update the software to the latest version to eliminate this vulnerability and implement additional security measures, such as restricting access to the management interface.

Original NVD description (English source)

Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via sending a crafted request to a vulnerable CGI component.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS