PatchSiren cyber security CVE debrief
CVE-2026-35904 T3techgroup CVE debrief
CVE-2026-35904 is a critical vulnerability with a CVSS score of 9.8, affecting T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03. The vulnerability is caused by incorrect access control in the web management interface, allowing unauthorized attackers to enable the Telnet service via a crafted request to a vulnerable CGI component. The vulnerability was published on [cvePublishedAt] and modified on [cveModifiedAt].
- Vendor
- T3techgroup
- Product
- T3 Technology CPE models T625Pro, T6825G, T7281
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-08
Who should care
Administrators and users of T3 Technology CPE models T625Pro, T6825G, and T7281 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by incorrect access control in the web management interface of T3 Technology CPE models. This allows unauthorized attackers to enable the Telnet service via sending a crafted request to a vulnerable CGI component.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Disable Telnet service if not required.
- Restrict access to the web management interface to authorized personnel only.
Evidence notes
The vendor of the affected products is currently listed as 'Unknown Vendor'. However, there is evidence suggesting the vendor might be 'T3techgroup' (see [ref-4], [ref-5], [ref-6], and [ref-7]).
Official resources
CVE-2026-35904 was published on 2026-06-04T15:16:50.550Z and modified on 2026-06-08T15:16:44.673Z.