CVE-2026-35904
Description
T3 Technology CPE devices have an access control flaw allowing local network attackers to enable Telnet via a crafted HTTP request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
T3 Technology CPE devices have an access control flaw allowing local network attackers to enable Telnet via a crafted HTTP request.
Vulnerability
An incorrect access control vulnerability exists in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03. The /cgi-bin/telnetenable.cgi component does not enforce authentication, allowing any device on the same network segment to enable the Telnet service [2].
Exploitation
An attacker on the same local network segment as the vulnerable device can exploit this vulnerability by sending an unauthenticated HTTP GET request to the /cgi-bin/telnetenable.cgi endpoint with the parameter telnetenable=1 [2]. This can be done directly via a browser or a script, targeting the device's IP address.
Impact
Successful exploitation enables the Telnet service on the target device, typically running on port 23. This opens an additional attack surface, potentially allowing for credential-based attacks and further compromise of the device. The vulnerability leads to high confidentiality and integrity impacts, as described by CVSS metrics [2].
Mitigation
No patched firmware versions have been disclosed in the available references. Users are advised to restrict network access to the management interface and consider disabling Telnet if it is not required. The affected products are T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 [2].
AI Insight generated on Jun 4, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: =1.0.07
- Range: =1.0.03
- Range: =1.0.03
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The CGI endpoint telnetenable.cgi lacks authentication and session validation, allowing unauthorized access."
Attack vector
An attacker on the same local network segment can send a crafted HTTP GET request to the `/cgi-bin/telnetenable.cgi` endpoint. This request does not require any authentication or user interaction to be processed. The request payload simply needs to include the parameter `telnetenable=1` to trigger the vulnerability. This allows the attacker to enable the Telnet service on the target device [ref_id=1].
Affected code
The vulnerability resides in the CGI component `/cgi-bin/telnetenable.cgi`. This component is responsible for enabling the Telnet service on the affected T3 Technology CPE models. The advisory explicitly states that this endpoint does not enforce any authentication or session validation [ref_id=1].
What the fix does
The advisory does not specify a patch or provide details on how the vulnerability is fixed. It recommends that users upgrade to newer firmware versions if available. Without a patch, the exact remediation steps are not detailed, but the vulnerability is described as an incorrect access control issue [ref_id=1].
Preconditions
- networkAttacker must be on the same local network segment as the target device.
- authNo authentication is required to exploit this vulnerability.
Reproduction
GET /cgi-bin/telnetenable.cgi?telnetenable=1 HTTP/1.1 Host: {ONU_IP}
Or simply via browser: http://{ONU_IP}/cgi-bin/telnetenable.cgi?telnetenable=1 [ref_id=1]
Generated on Jun 4, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4News mentions
0No linked articles in our index yet.