I want to flag a serious security issue affecting the TOTOLINK EX200 wireless range extender that hasn’t received a fix and could leave devices fully exposed.
The vulnerability was disclosed by the CERT Coordination Center and lets an attacker who can reach and log in to the device's web management interface take complete control of it. The flaw, tracked as CVE-2025-65606, sits in the firmware upload process and stems from poor error handling.

According to CERT/CC, the issue occurs when a logged-in user uploads a malformed firmware file through the web management interface. Instead of safely failing, the device can slip into an abnormal error state that automatically starts a root-level telnet service with no authentication at all. Once that happens, anyone who connects gains full system access.
The vulnerability was discovered and responsibly reported by security researcher Leandro Kogan.
To be clear, an attacker must already have valid access to the device's web interface to trigger the bug, so this is not an unauthenticated remote exploit. That barrier is lower than it sounds on consumer gear, though: a default or reused admin password, or a management interface reachable from the WAN or a guest network, hands the prerequisite to an attacker. Once exploited, the impact is severe. The exposed telnet service can be used to change configurations, execute arbitrary commands, or establish long-term persistence on the device, and because it runs as root there is no further privilege boundary left to cross.
What makes this situation more concerning is that TOTOLINK has not released a patch, and the EX200 appears to be effectively end-of-life. The last firmware update for the model was published in February 2023, and there’s no indication that the product is still being actively maintained.
Until a fix becomes available, users running this device should take defensive steps immediately. That includes limiting access to the management interface to trusted networks only, blocking remote administrative access (WAN-side management and any port forwards that reach the device), changing the admin password if it is still the default, filtering telnet (TCP/23, its standard port) to the extender at the LAN firewall so that a listener spawned by the error state cannot be reached, periodically checking that the device is not accepting telnet connections and treating any unexpected listener or unexplained reboot after a firmware upload as a sign of compromise, and seriously considering replacing the extender with a currently supported model.
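One concrete way to do the "check that the device is not accepting telnet connections" step from a monitoring host on the LAN is a small probe that attempts a TCP connection to the extender and records whatever the service sends first. The script below is an added example written for this article; it is not code from the advisory, CERT/CC, TOTOLINK or the researcher. It assumes the anomalous service listens on TCP/23 (the standard telnet port; the advisory does not name a port) and that the monitoring host can reach the extender's LAN address. The `start_fake_telnet` helper is a constructed stand-in for a device already in the error state so the check can be exercised offline; the `# ` prompt it sends is invented for the demo.

```python
"""Probe an extender for an unexpectedly reachable telnet listener.

Added example, not part of the original advisory or vendor code.
Assumption: the telnet service spawned by the error state listens on
TCP/23 (standard telnet port). The probe only connects and reads; it never
sends input to the remote shell.
"""
import socket
import threading


def port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def read_banner(host: str, port: int, timeout: float = 2.0) -> bytes:
    """Connect and capture the first bytes the service volunteers (telnet
    option negotiation, a login prompt, or a bare shell prompt). Returns
    b'' if the service is silent or the connection fails."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return s.recv(256)
            except socket.timeout:
                return b""
    except OSError:
        return b""


def assess_extender(host: str, telnet_port: int = 23, timeout: float = 2.0) -> dict:
    """Classify the device. On a healthy extender the web UI is the only
    management surface, so telnet being reachable at all is the alert
    condition; the banner is kept for the analyst, not used to downgrade."""
    exposed = port_open(host, telnet_port, timeout)
    banner = read_banner(host, telnet_port, timeout) if exposed else b""
    return {
        "host": host,
        "telnet_exposed": exposed,
        "banner": banner,
        "verdict": "ALERT: telnet reachable" if exposed else "ok",
    }


def start_fake_telnet(banner: bytes = b"# ", host: str = "127.0.0.1") -> int:
    """Constructed stand-in for an extender in the error state: an ephemeral
    listener that sends a bare root-style prompt and hangs up. Returns the
    port so the probe can be pointed at it offline."""
    srv = socket.socket()
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass  # probe closed early (port_open does not read)

    threading.Thread(target=serve, daemon=True).start()
    return port


def unused_port(host: str = "127.0.0.1") -> int:
    """Pick a currently free port to demonstrate the healthy case."""
    s = socket.socket()
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Offline demo against the constructed listener; on a real network call
    # assess_extender("<extender LAN address>") on a schedule instead.
    fake = start_fake_telnet()
    print(assess_extender("127.0.0.1", telnet_port=fake))
    print(assess_extender("127.0.0.1", telnet_port=unused_port()))
```

Run it on a schedule from a trusted host and page on any `ALERT`; the probe deliberately sends nothing, so it never drives the exposed shell, and a successful connect is enough to act on regardless of what the banner looks like.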
Leaving vulnerable networking hardware in place, especially when it exposes root access, is a risk that’s increasingly hard to justify in today’s threat landscape.

