Unpatched Firmware Flaw Exposes TOTOLINK EX200 To Full Distant System Takeover

The CERT Coordination Center (CERT/CC) has disclosed particulars of an unpatched security flaw impacting TOTOLINK EX200 wi-fi fluctuate extender that might allow a distant authenticated attacker to appreciate full administration of the gadget.

The flaw, CVE-2025-65606 (CVSS ranking: N/A), has been characterised as a flaw throughout the firmware-upload error-handling logic, which can set off the gadget to inadvertently start an unauthenticated root-level telnet service. CERT/CC credited Leandro Kogan for finding and reporting the issue.

“An authenticated attacker can set off an error scenario throughout the firmware-upload handler that causes the gadget to start an unauthenticated root telnet service, granting full system entry,” CERT/CC talked about.

Worthwhile exploitation of the flaw requires an attacker to be already authenticated to the online administration interface to entry the firmware-upload efficiency.

CERT/CC talked about the firmware-upload handler enters an “irregular error state” when positive malformed firmware info are processed, inflicting the gadget to launch a telnet service with root privileges and with out requiring any authentication.

This unintended distant administration interface is perhaps exploited by the attacker to hijack inclined models, leading to configuration manipulation, arbitrary command execution, or persistence.

Consistent with CERT/CC, TOTOLINK has not launched any patches to deal with the flaw, and the product is alleged to be no longer actively maintained. TOTOLINK’s web internet web page for EX200 reveals that the firmware for the product was remaining updated in February 2023.

Inside the absence of a restore, prospects of the tools are advised to restrict administrative entry to trusted networks, cease unauthorized prospects from accessing the administration interface, monitor for anomalous train, and enhance to a supported model.