Vulnerability in Totolink Range Extender Allows Device Takeover - SecurityWeek

A security flaw in the discontinued Totolink EX200 wireless range extender (CVE-2025-65606) allows attackers to gain full system access by triggering an unauthenticated Telnet service with root privileges. Exploitation requires authenticated access to the device’s web management interface, and no patch is available, necessitating device replacement and network access restrictions.