


Perceptive Security
SOC/SIEM Consultancy

Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover
Published: 6 January 2026 at 15:47:00
Alert date: 6 January 2026 at 17:02:21
Source: thehackernews.com
Mobile & IoT, Network Infrastructure, Zero-Day Vulnerabilities
CERT/CC disclosed an unpatched security flaw in the TOTOLINK EX200 wireless range extender that allows remote authenticated attackers to gain full control of the device. The vulnerability, CVE-2025-65606, is characterized as a flaw in the firmware-upload error-handling logic that could cause the device to inadvertently start executing malicious code. This represents a complete device takeover scenario for affected wireless range extenders. The flaw remains unpatched, posing ongoing risks to users of this network device.
Technical details
CVE-2025-65606 is a flaw in the firmware-upload error-handling logic of the TOTOLINK EX200 wireless range extender. When malformed firmware files are processed, the firmware-upload handler enters an abnormal error state, causing the device to inadvertently start an unauthenticated root-level telnet service. This creates an unintended remote administration interface with root privileges that requires no authentication. Successful exploitation requires an attacker to already be authenticated to the web management interface in order to access the firmware-upload functionality.
Mitigation steps:
Restrict administrative access to trusted networks, prevent unauthorized users from accessing the management interface, monitor for anomalous activity, and upgrade to a supported model. The product is no longer actively maintained and no patches are available.
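One way to act on the monitoring advice above, as an added example (not code from CERT/CC, TOTOLINK or the original article): a Python check that reports extenders in your own inventory that have started accepting telnet connections. It assumes the service listens on the default telnet port 23, which the advisory does not specify; the device name and address are constructed placeholders.

```python
import socket
import sys

TELNET_PORT = 23   # assumption: default telnet port; the advisory names no port
IAC = b"\xff"      # telnet "Interpret As Command" byte (RFC 854)

def probe(host, port=TELNET_PORT, timeout=2.0):
    """Return (state, banner); state is 'open', 'closed' or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(64)   # telnet servers usually open with IAC options
            except OSError:           # no banner within the timeout, or a reset
                banner = b""
            return "open", banner
    except ConnectionRefusedError:
        return "closed", b""
    except OSError:                   # timeout, no route, filtered
        return "unreachable", b""

def audit(devices, port=TELNET_PORT, timeout=2.0):
    """devices: iterable of (name, host). Return one finding per listening host."""
    findings = []
    for name, host in devices:
        state, banner = probe(host, port, timeout)
        if state == "open":
            findings.append({
                "device": name, "host": host, "port": port,
                "telnet_negotiation": banner.startswith(IAC),
            })
    return findings

if __name__ == "__main__":
    # Constructed inventory: pass real management addresses on the command line.
    inventory = [(h, h) for h in sys.argv[1:]] or [("ex200-example", "192.0.2.10")]
    for f in audit(inventory):
        print(f"ALERT {f['device']} ({f['host']}): tcp/{f['port']} accepts "
              f"connections, telnet negotiation seen: {f['telnet_negotiation']}")
```

Run it on a schedule from a host inside the management network; any finding on an extender that previously had the port closed warrants isolating the device.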
Affected products:
TOTOLINK EX200 wireless range extender
Related links:
https://kb.cert.org/vuls/id/295169
https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/144/ids/36.html
This article was created with the assistance of AI technology by Perceptive.
