- Today
- Holidays
- Birthdays
- Reminders
- Cities
- Atlanta
- Austin
- Baltimore
- Berwyn
- Beverly Hills
- Birmingham
- Boston
- Brooklyn
- Buffalo
- Charlotte
- Chicago
- Cincinnati
- Cleveland
- Columbus
- Dallas
- Denver
- Detroit
- Fort Worth
- Houston
- Indianapolis
- Knoxville
- Las Vegas
- Los Angeles
- Louisville
- Madison
- Memphis
- Miami
- Milwaukee
- Minneapolis
- Nashville
- New Orleans
- New York
- Omaha
- Orlando
- Philadelphia
- Phoenix
- Pittsburgh
- Portland
- Raleigh
- Richmond
- Rutherford
- Sacramento
- Salt Lake City
- San Antonio
- San Diego
- San Francisco
- San Jose
- Seattle
- Tampa
- Tucson
- Washington
TOTOLINK EX200 Vulnerable to Remote Takeover
Unpatched Firmware Flaw Leaves Wireless Extenders Exposed
Apr. 10, 2026 at 6:14pm
Got story updates? Submit your updates here. ›
A vulnerable TOTOLINK EX200 wireless extender glows with the threat of remote takeover, exposing the need for better long-term security support from manufacturers.Today in MiamiA critical security vulnerability has been uncovered in TOTOLINK EX200 wireless range extenders, putting the devices at risk of full remote takeover. The unpatched flaw, CVE-2025-65606, allows an authenticated attacker to gain root-level access and control the device. However, successful exploitation requires initial access to the web management interface, making it an insider threat scenario.
Why it matters
The lack of a firmware patch from TOTOLINK is concerning, as the EX200 model is no longer actively maintained. This leaves users with an unsupported device and no official fix, raising questions about manufacturer accountability for long-term security and support.
The details
The vulnerability lies in the firmware-upload error-handling logic, which can be triggered by an authenticated attacker to start an unauthenticated root-level telnet service. This essentially hands over full system access, allowing the attacker to manipulate configurations, execute arbitrary commands, and establish persistence on the device.
- The last firmware update for the EX200 was in February 2023.
The players
TOTOLINK
An American wireless networking equipment manufacturer that produced the vulnerable EX200 range extender.
CVE-2025-65606
The unpatched firmware vulnerability that allows remote takeover of TOTOLINK EX200 devices.
What’s next
With no patches forthcoming, users are advised to restrict administrative access, monitor for suspicious activity, and consider upgrading to a supported model.
The takeaway
This vulnerability highlights the importance of long-term security support and updates from manufacturers, especially for connected devices. The lack of a fix puts users at risk and raises questions about accountability in the tech industry.
Miami top stories
Miami events
Apr. 11, 2026
Nu Deco Ensemble - Ages: 14+
Apr. 11, 2026
The BIG Show Improv Comedy Miami
Apr. 12, 2026
Paloma San Basilio - "Gracias Tour"