CVE-2026-35905

Vulnerability

T3 Technology CPE models T625Pro (v1.0.07), T6825G (v1.0.03), and T7281 (v1.0.03) contain hardcoded credentials for the 'superadmin' account, granting root-level access. These credentials are static and identical across all affected devices, and are present in the system firmware, specifically within /etc/passwd and /etc/shadow files [1].

Exploitation

An attacker with adjacent network access to the affected devices can exploit this vulnerability without requiring any privileges or user interaction. By using the hardcoded username superadmin and the corresponding password (t4246#5753 for Telnet or t4246#5753S@dM1n for the web GUI, depending on provisioning state), an attacker can gain access to the device's management interface [1].

Impact

Successful exploitation grants an attacker full root access to the device. This allows for complete control over the device, potentially leading to high confidentiality, integrity, and availability impacts. The attacker can perform any action with root privileges on the compromised system [1].

Mitigation

No specific patched firmware versions or release dates have been disclosed in the available references. It is recommended to restrict network access to the management interfaces of these devices. Further information regarding mitigation or a permanent fix is not yet available [1, 2, 3].