The CERT Coordination Center (CERT/CC) has disclosed details of an unpublished security flaw affecting the TOTOLINK EX200 Wireless Range Extender that could allow a remote authenticated attacker to gain full control of the device.
Shortcoming, CVE-2025-65606 (CVSS Score: N/A), is described as a flaw in the firmware-upload error-handling logic, which can cause a device to inadvertently start an unauthenticated root-level Telnet service. CERT/CC credits Leandro Kogan for discovering and reporting this issue.
“An authenticated attacker could trigger an error condition in the firmware-upload handler that causes the device to initiate an unauthenticated root telnet service, providing full system access,” CERT/CC said.
Successful exploitation of the flaw requires the attacker to already be authenticated on the web management interface to access the firmware-upload functionality.
CERT/CC said that when certain malformed firmware files are processed, the firmware-upload handler enters an “abnormal error state”, causing the device to launch a Telnet service with root privileges and without requiring any authentication.
This unpatched remote administration interface can be used by an attacker to hijack vulnerable devices, leading to configuration manipulation, arbitrary command execution, or persistence.
According to CERT/CC, TOTOLINK has not released any patches to fix the flaw, and the product is said to be no longer actively maintained. TOTOLINK’s web page for the EX200 shows that the firmware for the product was last updated in February 2023.
In the absence of a solution, users of the appliance are advised to restrict administrative access to trusted networks, prevent unauthorized users from accessing the management interface, monitor unusual activity, and upgrade to a supported model.
