CVE-2026-35904
CriticalCVSS 9.8Summary
Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via sending a crafted request to a vulnerable CGI component.
Risk Assessment
Attackers may gain access to the Telnet service, potentially leading to unauthorized access to the system and possible takeover of the device.
Recommendation
It is recommended to update the software to the latest version to eliminate this vulnerability and implement additional security measures, such as restricting access to the management interface.
Original NVD description (English source)
Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via sending a crafted request to a vulnerable CGI component.

