#VU121091 Improper error handling in EX200 - CVE-2025-65606

 

Published: January 8, 2026


Vulnerability identifier: #VU121091
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-65606
CWE-ID: CWE-388
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
EX200
Software vendor:
TOTOLINK

Description

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to an error in the firmware-upload logic that causes the device to unintentionally start an unauthenticated root-level telnet service when a firmware update fails. A remote attacker can trick the victim into uploading malformed firmware files and gain full control over the device.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability and the product is no longer supported by the vendor. 
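With no fix available, a practical check is whether a device you administer answers as a Telnet server after a firmware upload attempt. The following is an added example, not part of the original advisory or any vendor code; the function names, the default port 23 and the sample greeting are assumptions for illustration.

```python
import socket

IAC = 0xFF  # Telnet "Interpret As Command" byte (RFC 854)
NEGOTIATION = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}

def parse_telnet_greeting(data: bytes):
    """Split a server's first bytes into (option negotiations, visible text).
    Subnegotiation (SB ... SE) is not decoded; it is rare in a first greeting."""
    options, text, i = [], bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            text.append(data[i]); i += 1
        elif i + 1 >= len(data):
            break                                    # lone IAC cut off by the read
        elif data[i + 1] == IAC:
            text.append(IAC); i += 2                 # escaped literal 0xFF
        elif data[i + 1] in NEGOTIATION:
            if i + 2 >= len(data):
                break                                # negotiation cut off by the read
            options.append((NEGOTIATION[data[i + 1]], data[i + 2])); i += 3
        else:
            i += 2                                   # two-byte command such as NOP
    return options, text.decode("ascii", "replace")

def classify(connected: bool, greeting: bytes):
    """'closed' = no TCP connection; 'telnet' = option negotiation seen; else 'open'."""
    if not connected:
        return {"state": "closed", "options": [], "text": ""}
    options, text = parse_telnet_greeting(greeting)
    return {"state": "telnet" if options else "open", "options": options, "text": text}

def check_telnet_exposure(host: str, port: int = 23, timeout: float = 3.0):
    """Connect once, read the greeting, send nothing. 'closed' also covers filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                greeting = s.recv(256)
            except OSError:                          # silent or reset after connect
                greeting = b""
    except OSError:
        return classify(False, b"")
    return classify(True, greeting)

if __name__ == "__main__":
    # Constructed greeting in the style of an embedded telnetd, not captured from an EX200:
    # IAC DO ECHO, IAC DO NAWS, IAC WILL ECHO, IAC WILL SGA, then a prompt.
    sample = b"\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03\r\n# "
    print(classify(True, sample))
```

Call `check_telnet_exposure()` with the device's management address from a host on the same network; a `telnet` result means a Telnet listener is reachable and the device should be isolated or replaced.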


External links