A critical unpatched vulnerability, CVE-2025-65606, affects the TOTOLINK EX200 wireless extender, allowing full remote control through root access via an unauthenticated telnet service. Since the device is end-of-life and no fix is available, users face ongoing security risks and are advised to replace it. #CVE-2025-65606 #TOTOLINKEX200
Key points
- The vulnerability CVE-2025-65606 impacts the firmware-upload mechanism of the TOTOLINK EX200 extender.
- Malformed firmware files can cause the device to run an unauthenticated root telnet service.
- Successful exploitation gives an attacker full control, including configuration and command execution.
- No official patch exists as the device has reached end-of-life and is no longer maintained.
- CERT/CC recommends restricting access and planning device replacement to mitigate risks.
Read More: https://thecyberexpress.com/cve-2025-65606-totolink-ex200-firmware/