pwnOnu

4 exploits Active since Jun 2026
CVE-2026-35904 NOMISEC CRITICAL WRITEUP
T3 Technology CPE T625Pro 1.0.07 T6825G 1.0.03 T7281 1.0.03 - Unauthenticated Telnet Service Enablement via CGI Request
Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via sending a crafted request to a vulnerable CGI component.
CVSS 9.8
CVE-2026-35904 WRITEUP CRITICAL WRITEUP
T3 Technology CPE T625Pro 1.0.07 T6825G 1.0.03 T7281 1.0.03 - Unauthenticated Telnet Service Enablement via CGI Request
Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via sending a crafted request to a vulnerable CGI component.
CVSS 9.8
CVE-2026-35905 WRITEUP CRITICAL WRITEUP
T3 Technology CPE T625Pro 1.0.07, T6825G 1.0.03, T7281 1.0.03 - Hardcoded Password for Root Access
T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account.
CVSS 9.8
CVE-2026-35906 WRITEUP CRITICAL WRITEUP
T3 Technology CPE T625Pro 1.0.07 and T6825G 1.0.03 - Unauthenticated Remote Code Execution via Debug CGI Endpoint
An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string.
CVSS 9.6