A security flaw in the discontinued Totolink EX200 range extender can allow attackers to gain full control over vulnerable devices via an unintended Telnet interface. Users are advised to restrict access and consider replacing affected devices, as no patch is available. #TotolinkEX200 #CERTCC
Key points
- The vulnerability affects the firmware-upload error handling in the Totolink EX200 extender.
- Exploitation requires access to the device's web management interface and triggering the firmware-upload error.
- Successfully exploiting the flaw grants full root control through an unintended Telnet service.
- No patches are available; the device is no longer maintained and has no recent firmware updates.
- Users should tighten network access restrictions and replace the vulnerable device to mitigate risks.
Read More: https://www.securityweek.com/vulnerability-in-totolink-range-extender-allows-device-takeover/