CVE-2026-35906 | THREATINT

Description

An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string.

PUBLISHED Reserved 2026-04-06 | Published 2026-06-04 | Updated 2026-06-04 | Assigner mitre

References

github.com/...ogy-CPE-Advisories/blob/main/CVE-2026-35906.md exploit

www.ncsa.or.th

t3techgroup.com

www.true.th/

github.com/...ogy-CPE-Advisories/blob/main/CVE-2026-35906.md

cve.org (CVE-2026-35906)

nvd.nist.gov (CVE-2026-35906)

Download JSON