CVE-2026-35906
published 2026-06-04CVE-2026-35906: An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system…
PriorityP260critical9.6CVSS 3.1
AVNACLPRNUIRSCCHIHAH
EPSS
0.47%
36.9th percentile
An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string.
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTT
ghsa_unreviewed·2026-06-04
CVE-2026-35906 [CRITICAL] CWE-78 An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTT
An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string.
VulDB
T3 T625Pro/T6825G CGI Endpoint Remote Code Execution
vuldb·2026-06-04·CVSS 9.6
CVE-2026-35906 [CRITICAL] T3 T625Pro/T6825G CGI Endpoint Remote Code Execution
A vulnerability identified as very critical has been detected in T3 T625Pro and T6825G. This vulnerability affects unknown code of the component CGI Endpoint. Performing a manipulation results in Remote Code Execution.
This vulnerability is cataloged as CVE-2026-35906. It is possible to initiate the attack remotely. There is no exploit available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-04
Published