Vulnerability in Totolink Range Extender Allows Device Takeover

Posted on By CWS

A safety defect within the discontinued Totolink EX200 wi-fi vary extender may enable attackers to take over weak gadgets, the CERT Coordination Heart (CERT/CC) warns.

Tracked as CVE-2025-65606, the vulnerability impacts the firmware-upload error-handling logic of the community extender.

When processing malformed firmware information, the firmware-upload handler enters an irregular error state, which ends up in the launch of a Telnet service.

The service runs with root privileges and doesn’t require authentication, thus offering full system entry, CERT/CC notes.

“As a result of the telnet interface is often disabled and never meant to be uncovered, this conduct creates an unintended distant administration interface,” CERT/CC’s advisory reads.

Profitable exploitation of the vulnerability, nonetheless, requires authenticated entry to the gadget’s net administration interface, to set off the error within the firmware-upload performance.Commercial. Scroll to proceed studying.

“As soon as the error situation is triggered, the ensuing unauthenticated telnet service gives full management of the gadget,” CERT/CC says.

An attacker in a position to set off the bug positive aspects full management of the gadget, which permits them to change configurations and execute arbitrary instructions to infiltrate the native community.

The weak Totolink EX200 extender is now not maintained, with the final firmware updates launched in 2021 and 2023 (for {hardware} revision 1 and a pair of, respectively).

No patch is on the market for the newly disclosed safety defect, which was reported by Leandro Kogan.

“Customers ought to prohibit administrative entry to trusted networks, stop untrusted customers from accessing the administration interface, monitor for surprising telnet exercise, and plan to interchange the weak gadget,” CERT/CC notes.

Associated: Over 50,000 Asus Routers Hacked in ‘Operation WrtHug’

Associated: Cisco Routers Hacked for Rootkit Deployment

Associated: Unauthenticated RCE Flaw Patched in DrayTek Routers

Associated: Totolink Routers, Different System Exploits Added to Beastmode Botnet

Security Week News Tags:, , , , ,

Related Posts

China’s Salt Typhoon Hacked Critical Infrastructure Globally for Years Security Week News
Ahold Delhaize Data Breach Impacts 2.2 Million People Security Week News
Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist Security Week News
US Insurance Industry Warned of Scattered Spider Attacks Security Week News
Critical King Addons Vulnerability Exploited to Hack WordPress Sites Security Week News
MITRE Unveils ATT&CK v18 With Updates to Detections, Mobile, ICS Security Week News