CVE-2026-35906

Vulnerability

An undocumented debug CGI endpoint, /cgi-bin/shortcut_telnet.cgi, exists in T3 Technology CPE models T625Pro v1.0.07 and T6825G v1.0.03. This endpoint is susceptible to OS command injection and does not require any authentication to be reached [1].

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP query string to the debug endpoint. While the endpoint is only reachable from the LAN, the vulnerability is exploitable via Blind CSRF. An external attacker can host a malicious page that, when visited by a user on the target network, triggers command execution on the CPE device without the attacker needing direct LAN access [1].

Impact

Successful exploitation allows an attacker to execute arbitrary operating system commands with root privileges on the affected device. This can lead to a complete compromise of the device's confidentiality, integrity, and availability [1].

Mitigation

No patched version or specific mitigation details are available in the provided references. The T625Pro v1.0.07 and T6825G v1.0.03 are confirmed or suspected to be affected. It is unknown if other T3 Technology models or firmware versions are vulnerable [1].