Overview
- The vulnerability, tracked as CVE-2025-65606, stems from firmware-upload error handling that can start an unauthenticated telnet service running as root.
- Exploitation requires prior authentication to the device’s web management interface, after which attackers can obtain full control.
- The EX200 is end-of-life, and TOTOLINK has not issued a patch, with the last firmware release listed as February 2023.
- CERT/CC recommends limiting administrative access to trusted networks and monitoring for unexpected telnet activity.
- Researcher Leandro Kogan reported the flaw, and CERT/CC published the advisory on January 6, 2026.
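The mitigation CERT/CC recommends, restricting management access to trusted networks and watching for telnet that should not be there, is easy to turn into a log check. The following is an added example (not code from the article, from CERT/CC, or from TOTOLINK) that walks constructed connection-log lines and raises an alert for any TCP/23 session to the router, regardless of source, and for any web-management session from outside a trusted network. The router address (192.168.1.1), the trusted subnet (192.168.1.0/24) and the five-field log format are assumptions chosen for the example.

```python
import ipaddress
from dataclasses import dataclass

# Assumed values for this example: the router's management address and the
# only network from which administrative access is expected.
DEVICE_IPS = {ipaddress.ip_address("192.168.1.1")}
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("192.168.1.0/24")]
WEB_MGMT_PORTS = {80, 443}
TELNET_PORT = 23


@dataclass
class Alert:
    kind: str   # "telnet_to_device" or "mgmt_from_untrusted"
    line: str   # the log line that triggered the alert


def parse_flow(line):
    """Parse one constructed log line: '<ts> <src_ip> <dst_ip> <dst_port> <proto>'.
    Returns None for lines that do not fit the format."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, dport, proto = parts
    try:
        return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), proto.lower()
    except ValueError:
        return None


def is_trusted(ip):
    return any(ip in net for net in TRUSTED_ADMIN_NETS)


def detect(lines):
    """Return alerts for telnet to the device (any source) and for web
    management access from outside the trusted networks."""
    alerts = []
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue
        _ts, src, dst, dport, proto = rec
        # Only TCP sessions terminating on the managed device are of interest.
        if dst not in DEVICE_IPS or proto != "tcp":
            continue
        if dport == TELNET_PORT:
            # Telnet should never be listening; any session is suspicious.
            alerts.append(Alert("telnet_to_device", line))
        elif dport in WEB_MGMT_PORTS and not is_trusted(src):
            alerts.append(Alert("mgmt_from_untrusted", line))
    return alerts


# Constructed sample log lines (not real traffic).
SAMPLE_FLOWS = [
    "2026-01-07T10:00:01 192.168.1.50 192.168.1.1 443 tcp",  # admin from LAN: fine
    "2026-01-07T10:00:05 203.0.113.7 192.168.1.1 80 tcp",    # admin from outside: alert
    "2026-01-07T10:01:10 192.168.1.50 192.168.1.1 23 tcp",   # telnet to router: alert
    "2026-01-07T10:01:11 192.168.1.50 8.8.8.8 443 tcp",      # not the device: ignore
    "not a flow record",                                      # malformed: skipped
    "2026-01-07T10:02:00 192.168.1.50 192.168.1.1 23 udp",   # not TCP: ignore
]


def run():
    return detect(SAMPLE_FLOWS)


if __name__ == "__main__":
    for alert in run():
        print(f"{alert.kind}: {alert.line}")
```

Pointing `detect` at real firewall or NetFlow exports means only swapping `parse_flow` for the export's field layout; the two rules stay the same. The telnet rule deliberately ignores the trusted-network check, because on this device a listening telnet daemon is itself the indicator, whoever connects to it.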