The CERT Coordination Center (CERT/CC) has disclosed detailed information regarding an unpatched security flaw (CVE-2025-65606, CVSS score N/A) affecting the TOTOLINK EX200 wireless range extender. This vulnerability carries a critical risk, potentially allowing a remote authenticated attacker to gain full control of the device.
The defect lies in the firmware-upload error-handling logic. Unintended behavior in this logic could cause the device to accept illicit external manipulation, ultimately leading to potential Remote Code Execution (RCE).
Firmware-level vulnerabilities in IoT devices and network equipment are a weak link in the chain of endpoint security within the Web3 ecosystem. An attacker who gains this control could intercept network traffic or use the compromised device to infiltrate the internal network. The vendor has not yet provided an official patch for this vulnerability. Users are strongly advised to implement urgent mitigation strategies, such as suspending the device's usage or operating it on an isolated network.
Source: Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover
Unpatched Firmware Flaw in TOTOLINK EX200 Poses Risk of Full Remote Device Takeover