What happened
An unpatched firmware flaw in TOTOLINK EX200 routers allows full remote device takeover. Security researchers at Rapid7 reported that attackers can exploit a hard-coded backdoor account via TCP port 32764. Successful exploitation grants administrative privileges, enabling network traffic interception, malware deployment, and configuration changes. No user interaction is required for remote exploitation, affecting routers in homes, small businesses, and remote offices. The vulnerability is present in multiple firmware versions, with patch availability delayed as of January 2026.
Who is affected
TOTOLINK EX200 router users, including small businesses and home networks, face direct risk of unauthorized access and lateral compromise.
Why CISOs should care
Compromised network devices threaten enterprise connectivity, data confidentiality, and supply chain integrity, particularly when remote offices use vulnerable routers.
3 practical actions
Apply firmware updates: Upgrade TOTOLINK EX200 devices to patched versions immediately.
Isolate vulnerable devices: Segment unpatched routers from critical networks until patched.
Monitor network traffic: Detect anomalies such as unexpected remote logins or configuration changes.
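One way to carry out the monitoring step for the port named above, as an added example that is not from the original article or from Rapid7: it scans firewall log lines for TCP connections to port 32764 on inventoried EX200 devices and labels each source as internal or external. The netfilter LOG line format, the device addresses, the internal network range and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

BACKDOOR_PORT = 32764  # TCP port named in the report above
# Assumption: addresses of the EX200 devices in your inventory (constructed values).
EX200_DEVICES = {ipaddress.ip_address("192.168.10.2"), ipaddress.ip_address("192.168.20.2")}
# Assumption: address space you treat as internal.
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]

# Constructed sample lines in Linux netfilter LOG format (not real traffic).
SAMPLE_LOG = """\
Jan 12 03:14:07 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.45 DST=192.168.10.2 LEN=60 PROTO=TCP SPT=51544 DPT=32764 SYN
Jan 12 03:14:09 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.45 DST=192.168.10.2 LEN=60 PROTO=TCP SPT=51546 DPT=32764 SYN
Jan 12 03:15:40 fw kernel: IN=eth1 OUT=eth1 SRC=192.168.10.77 DST=192.168.20.2 LEN=60 PROTO=TCP SPT=40112 DPT=32764 SYN
Jan 12 03:16:02 fw kernel: IN=eth1 OUT=eth1 SRC=192.168.10.50 DST=192.168.10.2 LEN=60 PROTO=TCP SPT=40200 DPT=443 SYN
Jan 12 03:17:11 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.9 DST=192.168.10.9 LEN=60 PROTO=UDP SPT=5353 DPT=32764
Jan 12 03:18:30 fw kernel: IN=eth0 OUT=eth1 SRC=not-an-ip DST=192.168.10.2 LEN=60 PROTO=TCP SPT=1 DPT=32764 SYN
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def find_backdoor_port_hits(log_text):
    """Return {(src, dst): {"count": n, "origin": "internal"|"external"}} for
    TCP connections to BACKDOOR_PORT whose destination is an inventoried device."""
    hits = defaultdict(lambda: {"count": 0, "origin": None})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != str(BACKDOOR_PORT):
            continue
        try:
            src, dst = ipaddress.ip_address(f["SRC"]), ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # malformed line: skip it rather than abort the scan
        if dst not in EX200_DEVICES:
            continue
        entry = hits[(str(src), str(dst))]
        entry["count"] += 1
        internal = any(src in net for net in INTERNAL_NETS)
        entry["origin"] = "internal" if internal else "external"
    return dict(hits)

if __name__ == "__main__":
    for (src, dst), info in find_backdoor_port_hits(SAMPLE_LOG).items():
        print(f"ALERT {info['origin']} {src} -> {dst}:{BACKDOOR_PORT} x{info['count']}")
```

An internal source reaching this port on a device in another segment is worth the same attention as an external one, since it may indicate lateral movement from an already compromised host.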
