The CERT Coordination Center (CERT/CC) has detailed an unpatched security flaw affecting the TOTOLINK EX200 Wireless Range Extender. This flaw could allow a remote authenticated attacker to gain complete control of the device.
This flaw, CVE-2025-65606 (CVSS score: N/A), is characterized as a flaw in the firmware upload error handling logic, which could allow a device to erroneously start an unauthorized root-level Telnet service. CERT/CC credits Leandro Kogan with discovering and reporting this issue.
“An authenticated attacker could cause an error condition in the firmware upload handler, causing the device to start an unauthenticated root Telnet service, allowing full system access,” CERT/CC said.
Successful exploitation of this flaw requires an attacker to already authenticate to the web management interface in order to access the firmware upload functionality.
According to CERT/CC, when certain malformed firmware files are processed, the firmware upload handler enters an “abnormal error state” that causes the device to launch the Telnet service with root privileges without requiring authentication.
This unintended remote management interface can be exploited by an attacker to hijack a susceptible device and lead to configuration manipulation, arbitrary command execution, or persistence.
According to CERT/CC, TOTOLINK has not released a patch to address this flaw, and the product is said to be no longer actively maintained. TOTOLINK’s EX200 webpage indicates that the product’s firmware was last updated in February 2023.
In the absence of a fix, appliance users are advised to limit management access to trusted networks, prevent unauthorized users from accessing the management interface, monitor for unusual activity, and upgrade to supported models.
Source link
