Vulnerability in TOTOLINK EX200 Allows Remote Device Takeover

Thursday, January 8, 2026

The CERT Coordination Center (CERT/CC) has disclosed details of a vulnerability tracked as CVE-2025-65606 affecting the TOTOLINK EX200 wireless range extender. The flaw allows a remote attacker with access to the device to escalate privileges to the highest level (root). The vulnerability stems from improper error handling during firmware upload, which causes the system to automatically enable a root-level Telnet service that can be accessed without authentication.

According to CERT/CC, an attacker must first authenticate to the web management interface, then upload a malformed firmware file to trigger an abnormal system state. This action immediately enables the Telnet service, allowing the attacker to connect to the device, execute malicious commands, modify configurations, or establish persistence for follow-on attacks.

At present, TOTOLINK has not released a patch for this vulnerability, and the affected model is believed to have reached end-of-life (EoL) status, as its last firmware update was released in February 2023. To mitigate risk, users are advised to restrict access to the device’s management interface to trusted networks only, monitor the system for suspicious activity, and consider replacing the device with a newer model that is actively supported and receives security updates.
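As one way to act on the monitoring advice above, the following added example (not from CERT/CC, TOTOLINK, or the original article) sweeps extenders you administer and alerts when a Telnet listener appears that was not there on the previous sweep. The device name, the 192.0.2.10 address, and the function names are assumptions made for illustration.

```python
import socket

TELNET_PORT = 23  # standard Telnet port; the service the advisory says gets enabled


def telnet_open(host, port=TELNET_PORT, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, timed out, or unreachable: treat as not listening.
        return False


def audit(devices, previous, probe=telnet_open):
    """Probe each device and compare against the previous sweep.

    devices:  {name: (host, port)} for extenders you administer
    previous: {name: bool} Telnet state from the last sweep (missing = closed)
    Returns (current_state, alerts); alerts list the devices whose Telnet
    listener became reachable since the previous sweep.
    """
    current, alerts = {}, []
    for name, (host, port) in sorted(devices.items()):
        is_open = probe(host, port)
        current[name] = is_open
        if is_open and not previous.get(name, False):
            alerts.append(f"{name} ({host}:{port}): Telnet listener newly reachable")
    return current, alerts


if __name__ == "__main__":
    # Constructed inventory; 192.0.2.0/24 is a documentation address range.
    inventory = {"ex200-hallway": ("192.0.2.10", TELNET_PORT)}
    state, alerts = audit(inventory, previous={})
    for line in alerts:
        print("ALERT:", line)
```

Run it on a schedule from a host on the trusted management network and persist the returned state between runs, so that only a change from closed to open raises an alert.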

Source: https://thehackernews.com/2026/01/unpatched-firmware-flaw-exposes.html