Ethical Hacking News

Critical IoT Security Flaw Exposes TOTOLINK EX200 Devices to Full Remote Device Takeover

A critical unpatched firmware flaw in TOTOLINK EX200 devices has exposed them to full remote device takeover. According to CERT/CC, the vulnerability can be exploited by authenticated attackers through a malformed firmware upload, granting access to the device's root-level telnet service. Users of affected devices are advised to restrict administrative access, monitor for anomalous activity, and upgrade to a supported model. Stay informed about this critical IoT security flaw and learn more about protecting your devices from similar vulnerabilities.

  • An unpatched security flaw (CVE-2025-65606) has been identified in the TOTOLINK EX200 wireless range extender.
  • A vulnerability in firmware-upload error-handling logic allows for full remote device takeover.
  • Authenticated attackers can trigger an error condition to gain unauthorized telnet access and manipulate device settings.
  • TOTOLINK has not released patches or updates, and the product is no longer actively maintained.
  • Users are advised to restrict administrative access, monitor for anomalous activity, and upgrade to a supported model if possible.

In a recent disclosure by the CERT Coordination Center (CERT/CC), an unpatched security flaw was identified in the TOTOLINK EX200 wireless range extender that exposes it to full remote device takeover. The vulnerability, tracked as CVE-2025-65606, has been assigned a CVSS score and stems from a flaw in the firmware-upload error-handling logic.

According to CERT/CC, an authenticated attacker can trigger an error condition in the firmware-upload handler that causes the device to start an unauthenticated, root-level telnet service, granting full system access. This unintended remote administration interface could be used to hijack susceptible devices, leading to configuration manipulation, arbitrary command execution, or persistence.

Exploitation requires the attacker to already be authenticated to the web management interface in order to reach the firmware-upload functionality. Once the telnet service is running, the attacker can use it to change the device's settings, run malicious commands, and potentially retain long-term access to the device.

It is worth noting that TOTOLINK has not released any patches or updates to address this vulnerability, and the product appears to be no longer actively maintained. The firmware for the EX200 was last updated in February 2023, indicating a lack of recent security attention from the manufacturer.

In light of this critical flaw, users of the affected devices are advised to take immediate action. They should restrict administrative access to trusted networks and prevent unauthorized users from reaching the management interface. Monitoring for anomalous activity is also recommended, as is upgrading to a supported model where possible.
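Because the flaw's visible symptom is an unexpected root telnet listener on the extender, one practical form of the "monitor for anomalous activity" advice is to periodically check from the management network whether TCP/23 on the device has started answering. The script below is an added example for that check; it is not code from the article, CERT/CC, or TOTOLINK. It assumes the device's management IP is known (the `devices` list and the loopback stand-in listener are constructed for the demonstration) and that a healthy EX200 does not expose telnet at all, so any successful connection is an alert condition worth investigating.

```python
import socket
import threading
from dataclasses import dataclass


@dataclass
class TelnetCheck:
    """Result of probing one device for an unexpected telnet listener."""
    host: str
    port: int
    listening: bool
    banner: str  # whatever the service sends first, e.g. a login prompt


def check_telnet(host: str, port: int = 23, timeout: float = 2.0) -> TelnetCheck:
    """Return whether `host:port` accepts a TCP connection and any banner it sends.

    Only a connect and a single read are performed; nothing is sent to the device.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                data = sock.recv(256)
            except socket.timeout:
                data = b""
            return TelnetCheck(host, port, True, data.decode("latin-1", "replace"))
    except OSError:
        # Connection refused, unreachable, or timed out: no telnet service visible.
        return TelnetCheck(host, port, False, "")


def audit(devices, port: int = 23) -> list:
    """Probe every device and return only those that unexpectedly answer on telnet."""
    findings = [check_telnet(host, port) for host in devices]
    return [f for f in findings if f.listening]


def start_fake_listener(banner: bytes = b"login: "):
    """Constructed stand-in for the rogue telnet service, used only for local testing.

    Binds an ephemeral loopback port so the example runs offline; returns the
    server socket (close it to stop) and the port number.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # server socket closed
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Constructed demo: one loopback "device" running the stand-in listener.
    srv, port = start_fake_listener()
    devices = ["127.0.0.1"]  # in practice: the extender's management IP(s)
    for hit in audit(devices, port):
        print(f"ALERT: {hit.host}:{hit.port} accepts telnet, banner={hit.banner!r}")
    srv.close()
```

Run it from a host on the management VLAN on a schedule (cron or a monitoring agent) against the extender's real IP on port 23; a baseline run on a healthy device should report nothing, so the first alert marks the moment the condition described above appeared and is the cue to isolate the device and review the web interface's login and firmware-upload history.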

The absence of a fix from TOTOLINK highlights the ongoing need for vigilant security practices among consumers of IoT devices. As more devices are connected to our networks, the potential attack surface grows rapidly, making it increasingly important to stay informed about the latest vulnerabilities and take proactive measures to secure them.

In conclusion, this critical unpatched firmware flaw in TOTOLINK EX200 devices is a stark reminder of the importance of prioritizing security when selecting IoT products. As consumers, we must be aware of these risks and take steps to mitigate them, lest we fall victim to potential cyber threats.

Related Information:
  • https://www.ethicalhackingnews.com/articles/Critical-IoT-Security-Flaw-Exposes-TOTOLINK-EX200-Devices-to-Full-Remote-Device-Takeover-ehn.shtml

  • https://thehackernews.com/2026/01/unpatched-firmware-flaw-exposes.html
  • Published: Tue Jan 6 10:45:09 2026 by llama3.2 3B Q4_K_M