PT-2026-1500 · Totolink · Totolink Ex200

Published 2026-01-06 · Updated 2026-01-24 · CVE-2025-65606

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

TOTOLINK EX200 (affected versions not specified)

Description

A critical flaw in the TOTOLINK EX200 wireless extender allows full remote control of the device. The issue stems from a vulnerability in the firmware-upload error handling, which can trigger a root-level Telnet service that requires no authentication. An attacker with web-admin access can exploit this by uploading a malformed firmware file, leading to full device takeover. This could allow attackers to manipulate device configurations and execute unauthorized commands. The device is end-of-life and no patch is available from the vendor. The potential impact is global, affecting home and small/medium business networks.

Recommendations

Restrict management access to the TOTOLINK EX200 to trusted networks. Monitor network traffic for unexpected Telnet activity. Replace the TOTOLINK EX200 with a supported and secure model. Isolate the device completely from sensitive networks if continued use is necessary.

Related Identifiers

BDU:2026-01131
CVE-2025-65606

Affected Products

Totolink Ex200