Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover

The CERT Coordination Center CERT/CC has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote authenticated attacker to gain full control of the device. The flaw, CVE-2025-65606 CVSS score: N/A, has been characterized as a flaw...

TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service

Overview A flaw in the firmware-upload error-handling logic of the TOTOLINK EX200 extender can cause the device to unintentionally start an unauthenticated root-level telnet service. This condition may allow a remote authenticated attacker to gain full system access. Description In the End-of-Lif...

CVE-2025-62775

Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...

EUVD-2025-35312

Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...

CVE-2025-62775

Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...

CVE-2025-62775

CVE-2025-62775 affects Mercku M6a devices up to firmware version 2.1.0, where the web admin password can be used to gain root TELNET access. The connected documents consistently describe root access via TELNET enabled by the web admin password, indicating a high-severity impact (per CVSS 3.1 vect...

CVE-2021-46008

In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on...

CVE-2022-25217

Use of a hard-coded cryptographic key pair by the telnetdstartup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetdstartup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware...

CVE-2021-27171

An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to start a Linux telnetd as root on port 26/tcp by using the CLI interface commands of ddd and shell or tshell...

CVE-2020-13365

Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21AASZ.4C0, V5.21AASZ.0C0, V5.11AASZ.3C0, and V5.11AASZ.0C0; NAS542 V5.11ABAG.0C0,...

NETGEAR DGN2200 Multiple Vulnerabilities

Nessus was able to determine that the remote device is a NETGEAR DGN2200. This device is affected by multiple vulnerabilities, the worst of which allow an unauthenticated, adjacent attacker to gain root telnet access to the device. C Tenable Network Security, Inc. include"compat.inc"; if...