A security defect in the discontinued Totolink EX200 wireless range extender could allow attackers to take over vulnerable devices, the CERT Coordination Center (CERT/CC) warns.
Tracked as CVE-2025-65606, the vulnerability impacts the firmware-upload error-handling logic of the network extender.
When processing malformed firmware files, the firmware-upload handler enters an abnormal error state, which results in the launch of a Telnet service.
The service runs with root privileges and does not require authentication, thus providing full system access, CERT/CC notes.
“Because the telnet interface is normally disabled and not intended to be exposed, this behavior creates an unintended remote administration interface,” CERT/CC’s advisory reads.
Successful exploitation of the vulnerability, however, requires authenticated access to the device’s web management interface, to trigger the error in the firmware-upload functionality.
“Once the error condition is triggered, the resulting unauthenticated telnet service provides full control of the device,” CERT/CC says.
An attacker able to trigger the bug gains complete control of the device, which allows them to modify configurations and execute arbitrary commands to infiltrate the local network.
The vulnerable Totolink EX200 extender is no longer maintained, with the last firmware updates released in 2021 and 2023 (for hardware revision 1 and 2, respectively).
No patch is available for the newly disclosed security defect, which was reported by Leandro Kogan.
“Users should restrict administrative access to trusted networks, prevent untrusted users from accessing the management interface, monitor for unexpected telnet activity, and plan to replace the vulnerable device,” CERT/CC notes.
Related: Over 50,000 Asus Routers Hacked in ‘Operation WrtHug’
Related: Cisco Routers Hacked for Rootkit Deployment
Related: Unauthenticated RCE Flaw Patched in DrayTek Routers
Related: Totolink Routers, Other Device Exploits Added to Beastmode Botnet
