TOTOLINK EX200 Vulnerability Enables Remote Device Takeover

These articles are AI-generated summaries. Please check the original sources for full details.

The CERT Coordination Center (CERT/CC) has disclosed a critical vulnerability (CVE-2025-65606) in the TOTOLINK EX200 wireless range extender that could allow complete remote control of affected devices. The flaw stems from improper error handling during firmware uploads, which results in the device exposing an unauthenticated root-level telnet service.

Why This Matters

Ideal network security models assume timely patching of vulnerabilities, but real-world scenarios often involve end-of-life devices lacking updates. The TOTOLINK EX200, last updated in February 2023, exemplifies this risk; exploitation could lead to widespread compromise of vulnerable devices, with potential costs ranging from data breaches to botnet recruitment.

Key Insights

  • CVE-2025-65606: Discovered by Leandro Kogan, this vulnerability allows unauthenticated root access via telnet.
  • Firmware Upload Handling: The flaw is triggered by malformed firmware files processed by the device’s upload handler.
  • End-of-Life Devices: The TOTOLINK EX200 is no longer actively maintained, leaving users with limited remediation options.

Practical Applications

  • Use Case: Home or small office networks using the TOTOLINK EX200 are susceptible to complete compromise if an attacker gains initial web interface access.
  • Pitfall: Relying on outdated or unsupported devices creates significant security risks due to the lack of vulnerability patches.
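
One way to check an extender for the symptom described above, as an added example that is not part of the original article or of CERT/CC's advisory: the script connects to TCP port 23, refuses every telnet option, and classifies the banner that comes back. The address 192.0.2.1 is a placeholder, and the login and shell-prompt heuristics are assumptions, since the article does not describe the device's telnet banner.

```python
import socket

IAC, DONT, DO, WONT, WILL = (bytes([b]) for b in (255, 254, 253, 252, 251))

def strip_negotiation(data: bytes):
    """Split a raw telnet chunk into (visible bytes, reply refusing every option)."""
    text, reply, i = b"", b"", 0
    while i < len(data):
        cur, cmd, opt = data[i:i + 1], data[i + 1:i + 2], data[i + 2:i + 3]
        if cur != IAC:                     # ordinary data byte
            text, i = text + cur, i + 1
        elif cmd in (DO, DONT, WILL, WONT) and opt:
            answer = {DO: WONT, WILL: DONT}.get(cmd)  # refuse offers, ignore the rest
            reply, i = reply + (IAC + answer + opt if answer else b""), i + 3
        else:                              # IAC IAC literal, or other/truncated command
            text, i = text + (IAC if cmd == IAC else b""), i + 2
    return text, reply

def classify_banner(text: str) -> str:
    lowered = text.lower()
    if not lowered.strip():
        return "open-no-banner"
    if any(word in lowered for word in ("login", "username", "password")):  # assumption
        return "open-login-prompt"
    if lowered.rstrip().endswith(("#", "$", ">")):
        return "open-shell-prompt"         # prompt with no login step: investigate
    return "open-unknown"

def probe_telnet(host: str, port: int = 23, timeout: float = 3.0) -> str:
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed-or-filtered"
    seen = b""
    with sock:
        try:
            for _ in range(8):             # bounded reads; stop on close or timeout
                chunk = sock.recv(1024)
                if not chunk:
                    break
                text, reply = strip_negotiation(chunk)
                seen += text
                sock.sendall(reply)        # empty reply sends nothing
        except OSError:
            pass
    return classify_banner(seen.decode("latin-1"))

if __name__ == "__main__":
    print(probe_telnet("192.0.2.1"))       # placeholder address: use the extender's IP
```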
