Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover

The CERT Coordination Center CERT/CC has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote authenticated attacker to gain full control of the device. The flaw, CVE-2025-65606 CVSS score: N/A, has been characterized as a flaw...

PT-2026-1500

Name of the Vulnerable Software and Affected Versions TOTOLINK EX200 affected versions not specified Description A critical flaw exists in the TOTOLINK EX200 wireless extender that allows for full remote control of the device. The issue stems from a vulnerability in the firmware-upload error...

TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service

Overview A flaw in the firmware-upload error-handling logic of the TOTOLINK EX200 extender can cause the device to unintentionally start an unauthenticated root-level telnet service. This condition may allow a remote authenticated attacker to gain full system access. Description In the End-of-Lif...

EUVD-2024-50523

Malicious code in bioql PyPI...

EUVD-2024-29679

Malicious code in bioql PyPI...

EUVD-2024-48275

Malicious code in bioql PyPI...

EUVD-2024-48274

Malicious code in bioql PyPI...

CVE-2024-32325

TOTOLINK EX200 V4.0.3c.7646B20201211 contains a Cross-site scripting XSS vulnerability through the ssid parameter in the setWiFiExtenderConfig function...

CVE-2024-32326

TOTOLINK EX200 V4.0.3c.7646B20201211 contains a Cross-site scripting XSS vulnerability through the key parameter in the setWiFiExtenderConfig function...

CVE-2024-31816

In TOTOLINK EX200 V4.0.3c.7646B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg...

CVE-2024-31815

In TOTOLINK EX200 V4.0.3c.7314B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh...

CVE-2024-31813

TOTOLINK EX200 V4.0.3c.7646B20201211 does not contain an authentication mechanism by default...

CVE-2024-31808

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution RCE vulnerability via the webWlanIdx parameter in the setWebWlanIdx function...

CVE-2024-31817

In TOTOLINK EX200 V4.0.3c.7646B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg...

CVE-2024-31814

TOTOLINK EX200 V4.0.3c.7646B20201211 allows attackers to bypass login through the FormLogin function...

CVE-2024-31806

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a Denial-of-Service DoS vulnerability in the RebootSystem function which can reboot the system without authorization...

CVE-2024-31812

In TOTOLINK EX200 V4.0.3c.7646B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig...

CVE-2024-31809

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution RCE vulnerability via the FileName parameter in the setUpgradeFW function...

CVE-2024-31807

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution RCE vulnerability via the hostTime parameter in the NTPSyncWithHost function...

CVE-2024-31811

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution RCE vulnerability via the langType parameter in the setLanguageCfg function...