The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw affecting the TOTOLINK EX200 wireless range extender that could allow a remote authenticated attacker to gain full control of the device.
Specifically, the flaw, tracked as CVE-2025-65606 (CVSS score: N/A), stems from faulty firmware-upload error-handling logic. As a result, the device may inadvertently start an unauthenticated root-level telnet service. CERT/CC credited Leandro Kogan with discovering and reporting the issue.
“An authenticated attacker can trigger an error condition in the firmware-upload handler that causes the device to start an unauthenticated root telnet service, granting full system access,” CERT/CC said.
Importantly, successful exploitation requires the attacker to already hold valid credentials for the web management interface in order to access the firmware-upload functionality.
Technical Root Cause
CERT/CC explained that the firmware-upload handler enters an “abnormal error state” when it processes certain malformed firmware files. Consequently, the device launches a telnet service with root privileges and without requiring any authentication.
As a result, attackers could exploit this unintended remote administration interface to hijack vulnerable devices. This level of access enables configuration manipulation, arbitrary command execution, and the establishment of persistent access.
Patch Status and Mitigation Guidance
CERT/CC reported that TOTOLINK has not released any patches to address the flaw, and the vendor no longer actively maintains the product. TOTOLINK’s EX200 product page indicates that the last firmware update shipped in February 2023.
Given the lack of a fix, CERT/CC advises users to restrict administrative access to trusted networks, block unauthorized access to the management interface, monitor devices for anomalous activity, and upgrade to a supported model.
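One way to act on the monitoring advice, as an added example that is not part of the original report or CERT/CC's note: a Python check that connects once to each extender's telnet port, reads the banner without sending anything, and reports whether a listener is present and whether it asks for credentials. TCP port 23 and the baseline that nothing should listen there are assumptions, since the advisory text above does not name the port.

```python
import socket
import sys

IAC = 0xFF  # telnet "interpret as command" byte

def strip_telnet_negotiation(data: bytes) -> bytes:
    """Remove telnet IAC command sequences so only banner text remains."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] == IAC and i + 1 < len(data):
            # WILL/WONT/DO/DONT (0xFB-0xFE) carry an option byte: 3 bytes total
            i += 3 if 0xFB <= data[i + 1] <= 0xFE else 2
        else:
            out.append(data[i])
            i += 1
    return bytes(out)

def classify_banner(banner: bytes) -> str:
    """Label an open listener by whether its first bytes ask for credentials."""
    text = strip_telnet_negotiation(banner).decode("ascii", "replace").lower()
    if any(word in text for word in ("login", "username", "password")):
        return "open-login-prompt"
    return "open-no-login-prompt"

def check_device(host: str, port: int = 23, timeout: float = 3.0) -> str:
    """Connect once, read the banner, send nothing.
    Returns 'closed' (refused or unreachable) or a classify_banner() label."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            try:
                banner = conn.recv(256)
            except socket.timeout:
                banner = b""  # listener accepted but stayed silent
    except OSError:
        return "closed"
    return classify_banner(banner)

if __name__ == "__main__":
    # Usage: python check_telnet.py <extender-ip> [<extender-ip> ...]
    alerts = 0
    for host in sys.argv[1:]:
        state = check_device(host)
        if state != "closed":
            alerts += 1  # assumed baseline: nothing listens on TCP/23
        print(f"{host}: telnet {state}")
    sys.exit(1 if alerts else 0)
```

Run from a scheduler against the management addresses of deployed extenders; a non-zero exit status means at least one device has a telnet listener that should be investigated.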
Source: TheHackerNews