HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-35904Published Modified CNA mitre

CVE-2026-35904: Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1

Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via sending a crafted request to a vulnerable CGI component.

Metrics

CVSS v3.1
9.8
Severity
CRITICAL
Fixed in
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

Incorrect access control in the web management interface of T3 Technology CPE devices (T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03) allows an unauthenticated attacker to enable the Telnet service by sending a specially crafted HTTP request to a vulnerable CGI endpoint. The flaw is reachable over the network with no authentication or user interaction required. Successful exploitation gives an attacker the ability to activate Telnet, which can then be used as a foothold for full device takeover, credential theft, and persistent access to the network segment the device controls. No fix versions have been published yet; HarborGuard tracks this advisory and will surface a patched-image rebuild the moment an upstream fix is released.

HarborGuard Coverage

Detection

Detection for CVE-2026-35904 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream advisory feeds, including custom-built images that embed T3 Technology CPE firmware or management components. Any image in a customer registry or CI/CD pipeline containing an affected package version is flagged automatically.

Available
Triage

HarborGuard scores this CVE at 9.8 CRITICAL using the published CVSS v3.1 vector and weights it against each environment's compliance policy to determine urgency and routing. Triage results are surfaced to the appropriate team inbox within each customer organization based on policy-defined ownership rules.

Available
Patch

No upstream fix version has been published for this CVE. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment T3 Technology releases a remediated version. Customers with auto-remediation enabled will receive a rebuilt image, a regression-test run, and a PR opened against affected workloads without any manual intervention required.

Pending upstream

Exploit Conditions

  • Network reachabilityRequired

    The vulnerable CGI endpoint is exposed over the network, so the attacker must be able to reach the device's web management interface via HTTP or HTTPS.

  • AuthenticationNot required

    No account or session credentials are needed; the vulnerable CGI component processes the crafted request without any authentication check.

  • Victim interactionNot required

    The attacker sends a crafted request directly to the device; no action by an administrator or any other user is needed to trigger the vulnerability.

  • Attack complexityDetail

    Attack complexity is low, meaning the exploit is reliable and repeatable with no race conditions, special memory layout requirements, or other environmental dependencies.

Blast Radius

  • Activates the Telnet service on the affected device, opening a persistent remote-access channel that survives reboots until explicitly disabled.
  • Enables an attacker to log in via Telnet and read device configuration, stored credentials, and network topology details from the management plane.
  • Gives the attacker the ability to modify routing tables, firewall rules, and service settings on the CPE, redirecting or intercepting traffic for connected clients.
  • Can be used to crash or reboot the device, disrupting internet or LAN connectivity for all users and services behind the affected CPE.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-35904 is active across all customer environments and will flag any image containing an affected T3 Technology CPE component at the moment it appears in a registry or pipeline scan. Because no upstream fix has been published, HarborGuard monitors the advisory on every ingest cycle and will generate a patched-image rebuild and, for customers with auto-remediation enabled, open a PR against affected workloads as soon as T3 Technology releases a remediated version. In the interim, compensating controls worth evaluating include network-policy rules that restrict access to the device's web management port to trusted administrative subnets only, egress filtering to prevent the Telnet port (TCP 23) from being reached from untrusted network segments, and disabling the web management interface entirely on devices where remote administration is not operationally required. HarborGuard will surface an alert and rebuild notification automatically when the upstream patch becomes available, with no manual advisory polling needed.

See how HarborGuard automates this
Affected packages
  • n/a / n/a
    n/a
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References