TOTOLINK EX200 Extender Flaw Allows Attackers Full System Access

A critical security flaw has been discovered in the TOTOLINK EX200 Wi-Fi extender that allows attackers to gain complete control over the device. 

 The vulnerability involves a logic error in how the device handles failed firmware updates, inadvertently opening a backdoor with the highest possible privileges. 

Because the TOTOLINK EX200 is officially End-of-Life (EoL), the vendor has not released a patch, leaving users with no software-based remedy. 

The Technical Issue 

CVE ID          Vulnerability Type       Risk Level  Status
CVE-2025-65606  Improper Error Handling  Critical    Unpatched (End-of-Life)

The vulnerability, tracked as CVE-2025-65606, resides in the firmware-upload mechanism of the device.  

Under normal circumstances, the Telnet remote administration interface is disabled to prevent unauthorized access. However, researchers found that the device’s error-handling logic is flawed. 

If an authenticated user uploads a specifically malformed firmware file, the device enters an abnormal error state.  

Instead of failing safely, the device reacts by launching a Telnet service with root privileges. Crucially, this Telnet service does not require a password. 

To exploit this, an attacker must first have access to the web management interface (either by knowing the credentials or because default credentials were left unchanged).

Once they trigger the error, they can connect via Telnet and execute commands as “root,” granting them full system access. 

Impact

  • Full System Compromise: Attackers can modify configurations and execute arbitrary commands. 
  • Network Foothold: The compromised device can be used to launch attacks on other devices within the local network. 
  • Persistent Access: Attackers can establish a permanent presence on the network. 

TOTOLINK has confirmed that because the EX200 is an EoL product, no security update will be released to fix this issue. 

Security experts advise users to replace the vulnerable EX200 extenders with supported hardware immediately. 

 If replacement is not currently possible, administrators should strictly isolate the device, ensure the management interface is not accessible from untrusted networks, and monitor for any unexpected Telnet traffic. 
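One way to monitor for the unexpected Telnet traffic mentioned above, as an added example that is not part of the original article: it scans netfilter LOG lines from a gateway that sees the isolated extender's traffic and separates connection attempts to TCP/23 from SYN-ACK replies, which show that a Telnet service is actually listening on a device where it is normally disabled. The extender address, log prefix and sample lines are constructed assumptions.

```python
import re
from collections import namedtuple

# Assumption: management address of the EX200 on your network (constructed value).
EXTENDER_IPS = {"192.168.0.254"}
TCP_FLAGS = {"SYN", "ACK", "RST", "FIN", "PSH"}
KV = re.compile(r"(\w+)=(\S*)")
Alert = namedtuple("Alert", "severity peer device reason")

# Constructed sample lines in netfilter LOG format (not taken from a real device).
_P = "Jan 12 03:14:0{} gw kernel: FWD IN=br0 OUT=br0 "
SAMPLE_LOG = [
    _P.format(5) + "SRC=192.168.0.23 DST=192.168.0.254 PROTO=TCP SPT=40112 DPT=80 RES=0x00 SYN URGP=0",
    _P.format(7) + "SRC=192.168.0.23 DST=192.168.0.254 PROTO=TCP SPT=40150 DPT=23 RES=0x00 SYN URGP=0",
    _P.format(7) + "SRC=192.168.0.254 DST=192.168.0.23 PROTO=TCP SPT=23 DPT=40150 RES=0x00 ACK SYN URGP=0",
    _P.format(9) + "SRC=192.168.0.40 DST=192.168.0.1 PROTO=UDP SPT=5353 DPT=53 LEN=48",
]


def parse_line(line):
    """Return (key=value fields, set of bare TCP flag tokens) for one LOG line."""
    fields = dict(KV.findall(line))
    flags = {tok for tok in line.split() if tok in TCP_FLAGS}
    return fields, flags


def telnet_alerts(lines, devices=EXTENDER_IPS):
    """Flag Telnet attempts to, and Telnet answers from, the monitored devices."""
    alerts = []
    for line in lines:
        f, flags = parse_line(line)
        if f.get("PROTO") != "TCP":
            continue
        src, dst = f.get("SRC"), f.get("DST")
        if dst in devices and f.get("DPT") == "23" and flags == {"SYN"}:
            # Someone tried to open Telnet on the extender.
            alerts.append(Alert("warn", src, dst, "connection attempt to TCP/23"))
        elif src in devices and f.get("SPT") == "23" and flags == {"SYN", "ACK"}:
            # The extender accepted the connection: Telnet is running.
            alerts.append(Alert("critical", dst, src, "Telnet service answered"))
    return alerts


if __name__ == "__main__":
    for a in telnet_alerts(SAMPLE_LOG):
        print(f"[{a.severity}] {a.device} <-> {a.peer}: {a.reason}")
```

A "critical" alert means the extender completed the first half of a Telnet handshake, so the device should be pulled from the network rather than just watched.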
