CERT/CC has disclosed a critical vulnerability in the TOTOLINK EX200 wireless range extender that could allow authenticated attackers to gain full control via an unintentionally exposed root-level telnet service. The flaw, CVE-2025-65606, stems from errors in firmware upload handling and remains unpatched, raising significant security concerns for affected users. #TOTOLINK #CVE202565606
Key points
- The vulnerability affects the TOTOLINK EX200 wireless extender, which is no longer actively maintained.
- An attacker must first have access to the web management interface and then trigger the vulnerability through an error in the firmware upload function.
- The flaw starts an unauthenticated root-level Telnet service, allowing full remote control of the device.
- TOTOLINK has not yet released a fix; users should restrict administrative access and monitor for unusual activity.
- Users are advised to upgrade to a supported device to avoid the potential security risk.
Read More: https://thehackernews.com/2026/01/unpatched-firmware-flaw-exposes.html