In an unprecedented move that has delighted remote attackers everywhere, the TOTOLINK EX200 has become the unexpected darling of the vulnerability world. Who could have guessed that a simple firmware-upload error would so generously open the doors to complete device takeover? Well, everyone except TOTOLINK, it seems.

The flaw, affectionately known by its friends as CVE-2025-65606, is a striking example of what happens when error-handling logic takes a vacation. This oversight has turned the humble wireless range extender into a veritable digital amusement park for cyber crooks looking for some remote control hijinks.

In a twist of irony, the CERT Coordination Center, also known as the buzzkill of the hacker community, disclosed the flaw before TOTOLINK could adopt ‘unintentional feature’ as their marketing slogan. Meanwhile, end users are advised to store their range extenders in lead-lined safes until a patch is released, sometime between now and the next millennium.