Vulnerability in Totolink Range Extender Allows Device Takeover

Posted on By CWS

A safety defect within the discontinued Totolink EX200 wi-fi vary extender may enable attackers to take over weak gadgets, the CERT Coordination Heart (CERT/CC) warns.

Tracked as CVE-2025-65606, the vulnerability impacts the firmware-upload error-handling logic of the community extender.

When processing malformed firmware information, the firmware-upload handler enters an irregular error state, which ends up in the launch of a Telnet service.

The service runs with root privileges and doesn’t require authentication, thus offering full system entry, CERT/CC notes.

“As a result of the telnet interface is often disabled and never meant to be uncovered, this conduct creates an unintended distant administration interface,” CERT/CC’s advisory reads.

Profitable exploitation of the vulnerability, nonetheless, requires authenticated entry to the gadget’s net administration interface, to set off the error within the firmware-upload performance.Commercial. Scroll to proceed studying.

“As soon as the error situation is triggered, the ensuing unauthenticated telnet service gives full management of the gadget,” CERT/CC says.

An attacker in a position to set off the bug positive aspects full management of the gadget, which permits them to change configurations and execute arbitrary instructions to infiltrate the native community.

The weak Totolink EX200 extender is now not maintained, with the final firmware updates launched in 2021 and 2023 (for {hardware} revision 1 and a pair of, respectively).

No patch is on the market for the newly disclosed safety defect, which was reported by Leandro Kogan.

“Customers ought to prohibit administrative entry to trusted networks, stop untrusted customers from accessing the administration interface, monitor for surprising telnet exercise, and plan to interchange the weak gadget,” CERT/CC notes.

Associated: Over 50,000 Asus Routers Hacked in ‘Operation WrtHug’

Associated: Cisco Routers Hacked for Rootkit Deployment

Associated: Unauthenticated RCE Flaw Patched in DrayTek Routers

Associated: Totolink Routers, Different System Exploits Added to Beastmode Botnet

Security Week News Tags:, , , , ,

Related Posts

Many Forbes AI 50 Companies Leak Secrets on GitHub Security Week News
Pixnapping Attack Steals Data From Google, Samsung Android Phones Security Week News
Fortinet Patches Critical Authentication Bypass Vulnerabilities Security Week News
North Korea’s Digital Surge: $2B Stolen in Crypto as Amazon Blocks 1,800 Fake IT Workers Security Week News
Hackers Start Exploiting Critical Cisco ISE Vulnerabilities Security Week News
Security Firm Exposes Role of Beijing Research Institute in China’s Cyber Operations Security Week News