
Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover

The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw affecting the TOTOLINK EX200 wireless range extender that could allow a remote authenticated attacker to gain full control of the device.

The flaw, CVE-2025-65606 (CVSS score: N/A), has been characterized as a defect in the firmware-upload error-handling logic that can cause the device to inadvertently start an unauthenticated root-level telnet service. CERT/CC credited Leandro Kogan for discovering and reporting the issue.

“An authenticated attacker can trigger an error condition in the firmware-upload handler that causes the device to start an unauthenticated root telnet service, granting full system access,” CERT/CC said.

Successful exploitation requires the attacker to already be authenticated to the web management interface in order to reach the firmware-upload functionality.


CERT/CC said the firmware-upload handler enters an “abnormal error state” when certain malformed firmware files are processed, causing the device to launch a telnet service with root privileges and without requiring any authentication.


This unintended remote management interface could be used by the attacker to hijack vulnerable devices, leading to configuration manipulation, arbitrary command execution, or persistence.

According to CERT/CC, TOTOLINK has not released any patches to address the flaw, and the product is said to be no longer actively maintained. TOTOLINK’s web page for the EX200 shows that the firmware for the product was last updated in February 2023.

In the absence of a fix, users of the device are advised to restrict administrative access to trusted networks, prevent unauthorized users from reaching the management interface, monitor for anomalous activity, and upgrade to a supported model.
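The "monitor for anomalous activity" advice above can be made concrete: the observable symptom of the error state is a telnet listener appearing on a device that should only expose its web admin UI. The script below is an added example, not TOTOLINK or CERT/CC code. It parses nmap grepable (`-oG`) scan output, compares each host's open ports against an assumed baseline (only port 80, which you should adjust to your own environment), and rates any telnet exposure as critical. The host addresses and scan output in it are constructed; the `live_check` function is a hypothetical helper for probing a real device.

```python
"""Defender-side check for an unexpected telnet listener on a small network
appliance such as the TOTOLINK EX200.

Added example, not vendor or CERT/CC code. Assumes the extender normally
exposes only its HTTP admin UI (port 80) on the LAN; adjust EXPECTED_PORTS
to your own baseline. Hosts and scan output below are constructed.
"""
import socket

TELNET_PORT = 23
# Assumed LAN-side baseline for the device: only the web management interface.
EXPECTED_PORTS = {80}


def parse_nmap_grepable(text: str) -> dict[str, set[int]]:
    """Return {host: {open TCP ports}} from nmap -oG ("grepable") output.

    Only 'Host:' lines carrying a 'Ports:' field are used; entries whose
    state is anything other than 'open' are ignored.
    """
    result: dict[str, set[int]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports_field = next(f for f in fields if f.startswith("Ports:"))
        open_ports: set[int] = set()
        for entry in ports_field[len("Ports:"):].split(","):
            parts = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(parts) >= 3 and parts[1] == "open" and parts[2] == "tcp":
                open_ports.add(int(parts[0]))
        result[host] = open_ports
    return result


def assess(open_ports: set[int], expected: set[int] = EXPECTED_PORTS) -> dict:
    """Compare observed open ports against the baseline.

    A telnet listener on a device that should only expose its web UI matches
    the EX200 error state in the advisory, so it is reported separately and
    rated 'critical'; any other unexpected port is a 'warning'.
    """
    unexpected = sorted(open_ports - expected)
    telnet_exposed = TELNET_PORT in open_ports
    if telnet_exposed:
        severity = "critical"
    elif unexpected:
        severity = "warning"
    else:
        severity = "ok"
    return {"unexpected": unexpected, "telnet_exposed": telnet_exposed,
            "severity": severity}


def tcp_port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Live probe (hypothetical helper, not used by the offline sample)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def live_check(host: str) -> dict:
    """Probe the baseline ports plus telnet on a real device and assess them."""
    observed = {p for p in EXPECTED_PORTS | {TELNET_PORT} if tcp_port_open(host, p)}
    return assess(observed)


# Constructed nmap -oG output: a healthy extender and one that has entered the
# error state and started the root telnet service.
SAMPLE_SCAN = (
    "# Nmap 7.94 scan initiated (constructed sample)\n"
    "Host: 192.168.0.254 ()\tPorts: 80/open/tcp//http///\tIgnored State: closed (999)\n"
    "Host: 192.168.0.253 ()\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///\t"
    "Ignored State: closed (998)\n"
    "# Nmap done\n"
)


def report(scan_text: str = SAMPLE_SCAN) -> dict[str, dict]:
    """Assess every host found in the scan output."""
    return {host: assess(ports) for host, ports in parse_nmap_grepable(scan_text).items()}


if __name__ == "__main__":
    for host, finding in report().items():
        print(host, finding)
```

Run it as-is to see the constructed sample flag 192.168.0.253 as critical; for a real device, point `live_check` at the extender's LAN address from a host on the same trusted network. Scheduling the scan and alerting on a transition from "ok" to "critical" turns this into the anomaly monitoring CERT/CC recommends while no patch exists.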
