T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account.
The firmware of selected T3 Technology CPE models contains a hardcoded password for the 'superadmin' account with root privileges (CWE-259 — use of hardcoded password). Since the password is identical across all instances of a given model, an attacker knowing this password can log in to any device without any additional authorization. No user interaction or prior authentication is required, and the attack can be performed remotely over the network.
An attacker gains full administrative (root) access to the device, enabling takeover of the subscriber network, modification of configuration, installation of malicious software, and use of the device as a starting point for further attacks.
Apply patches available from the manufacturer according to the references. Until firmware is updated, it is recommended to isolate devices from public network access, restrict access to the management interface, and monitor login attempts to the 'superadmin' account.
T3 Technology CPE: model T625Pro v1.0.07, model T6825G v1.0.03, model T7281 v1.0.03
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H