CVE-2024-31805 is a vulnerability identified in the TOTOLINK EX200 router firmware version 4.0.3c.7646_B20201211. The flaw resides in the setTelnetCfg function, which controls the Telnet service configuration. Attackers can exploit this vulnerability by sending crafted requests that manipulate the telnet_enabled parameter, enabling the Telnet service without any authentication. Telnet is an insecure protocol that transmits data in plaintext, making it a significant security risk if enabled unintentionally. The vulnerability is classified under CWE-284 (Improper Access Control), indicating that the device fails to enforce proper authorization checks before allowing Telnet activation. The CVSS v3.1 base score is 6.5, reflecting medium severity, with an attack vector of adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), and no impact on integrity or availability (I:N/A:N). This means an attacker on the same or adjacent network segment can remotely enable Telnet, potentially gaining unauthorized access to the device or network traffic. No patches or fixes are currently linked, and no known exploits have been reported in the wild, but the vulnerability poses a clear risk due to the ease of exploitation and the sensitive nature of Telnet access.

The primary impact of this vulnerability is unauthorized activation of the Telnet service on affected TOTOLINK EX200 routers, which can lead to significant confidentiality risks. Once Telnet is enabled, attackers can attempt to connect remotely and potentially intercept or manipulate network traffic, access device configuration, or launch further attacks within the network. This exposure can compromise sensitive information and network integrity. Since Telnet transmits data unencrypted, credentials and other sensitive data could be intercepted by attackers. The vulnerability does not affect integrity or availability directly but opens a pathway for further exploitation. Organizations relying on these routers, especially in environments with sensitive data or critical infrastructure, face increased risk of unauthorized access and data breaches. The lack of authentication requirement and no need for user interaction make this vulnerability easier to exploit, increasing the threat level in local or adjacent network environments.

To mitigate CVE-2024-31805, organizations should immediately verify if their network uses TOTOLINK EX200 routers running the vulnerable firmware version 4.0.3c.7646_B20201211. If so, they should disable Telnet access entirely if it is not required, as Telnet is an outdated and insecure protocol. Network administrators should restrict access to router management interfaces to trusted IP addresses and consider segmenting management networks to limit exposure. Monitoring network traffic for unexpected Telnet activation attempts can help detect exploitation attempts. Since no official patches are currently available, organizations should contact TOTOLINK support for firmware updates or advisories. Applying network-level controls such as firewall rules to block Telnet ports (TCP 23) from untrusted sources is also recommended. Additionally, replacing Telnet with secure alternatives like SSH for remote management can reduce risk. Regularly auditing router configurations and firmware versions will help maintain security posture against similar vulnerabilities.