CVE-2026-35906
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
04/06/2026
Last modified:
04/06/2026
Description
An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string.
Impact
Base Score 3.x
9.60
Severity 3.x
CRITICAL



