—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Privilege Escalation Vulnerability in TOTOLINK EX200 Firmware 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

TOTOLINK EX200 Wi-Fi Range Extender Firmware (End of Life Model)

Overview

A vulnerability has been reported in TOTOLINK EX200 Firmware which could allow an attacker to gain root-level telnet access resulting in complete system compromise.

Target Audience:

Home users, Network and Security Administrators, IT Operations and System Engineers, Enterprise Architects and CIOs/CTOs, Managed Service Providers (MSPs) using TOTOLINK EX200 Wi-Fi Range Extender

Risk Assessment:

High risk to confidentiality, integrity, and availability.

Impact Assessment:

Potential for complete system compromise, network disruption, and potential data exposure.

Description

TOTOLINK EX200 Firmware is the embedded software that controls the operation, configuration, and network functionality of the TOTOLINK EX200 Wi-Fi range extender.

This vulnerability exists in the TOTOLINK EX200 firmware due to improper handling of malformed firmware upload requests. An authenticated attacker could exploit this vulnerability by uploading a specially crafted firmware file, resulting in gaining access to root-level Telnet service.

Successful exploitation could allow the attacker to gain complete control of the device, execute arbitrary commands, modify configurations, and potentially compromise the target network.

Workaround

Restrict administrative access to trusted networks only.

Prevent unauthorized users from accessing the management interface.

Monitor the device for suspicious or anomalous activity.

Replace or upgrade the device with a supported and actively maintained model.

Vendor Information

Totolink

https://www.totolink.net/

References

 

https://thecyberexpress.com/cve-2025-65606-totolink-ex200-firmware/

https://www.securityweek.com/vulnerability-in-totolink-range-extender-allows-device-takeover/

CVE Name

CVE-2025-65606

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmlhGDQACgkQ3jCgcSdc

ys/ZSA//ZID2je1m+93ksGn1Py/I+zZ3scvabxmEC/B5kZovj3nWUSCNjipEDuHi

uYmmbgUM9FIuXEoU0FWHeedEhtBIVN18qw+I9vTVHz3ezvpHmrkuxdmDM4uZQc+J

3Tpj0k7OF/wABgG+GfIWy13ukjEGJFLILbddpWiidpEehQKVhLfm8/+hPn9D0r7C

DOJpx/7E5Yj03Zd8D1Tp2/jgt0mYGzzWNQDObxpIEKtFjQX/k+DoRA9UtyGBAo5a

kV0URGogc93FI3yWU8QMcNA0OdJlXwhsuOhH3NJOKYNtQccIe33p/yriOPyiGMCq

JgFDzLj2iN83jsmHUKCbEJ6JtMvpu+Iu9Mm9FAcc8nhZ/cJOSS0kLzA4PGoqIB0w

AFPB2e81SH8y/8cES0ZrKN0UO6LS5J0l2v3hPhwJlj3x84dd9nzf4RHg+g7HtCNa

h0UBmo0cO81J1Db/L+Oux9CHIcSbGRUDKw41bK+uyPW3eJwAcPV0MSdRbEfquIyl

8MxznY7dqlglVgVA/XhQ17N6D8X3GoHZbQM3dEYRpQYD5buEHaMC3UbtgvGjuFjx

5DKhB53FkWeP9faiCCEuHM4z1phsI/frJnVLs2RCkXykd0GGkSzyKvFjGmNfbkWG

H6DntIvs986NV9lgiBmEG7qI2jJDdE58BpSAPdTKCM0PSEej1ok=

=w/a8

—–END PGP SIGNATURE—–