ASUS Router Hacked via Unpatched 2018 Flaw, RondoDox Malware Spotted


ASUS Router Vulnerability Exploited by RondoDox Botnet Results in Over One Million Devices Compromised

Cybersecurity researchers at VulnCheck have identified a significant threat to the global network infrastructure, with the RondoDox botnet exploiting a critical vulnerability in ASUS routers to gain unauthorized access to over one million devices.

  • The vulnerability, designated as CVE-2018-5999, is a critical unauthenticated configuration update vulnerability with a CVSS score of 9.8/10, allowing attackers to modify router settings without requiring a password.
  • The exploitation of this vulnerability was first detected by VulnCheck’s specialized system, the VulnCheck Canary Network, which monitors potential threats across various platforms.
  • The analysis revealed that the RondoDox botnet, known for its extensive arsenal of exploits, began exploiting the vulnerability on May 17, 2026.
  • Despite the availability of exploit code since 2018, this marks the first instance of the vulnerability being used in a real-world attack.

Jacob Baines, the Chief Technology Officer at VulnCheck, emphasized that RondoDox is notorious for implementing numerous exploits, including those associated with CVEs in the 170s. He noted that the fact that this vulnerability was exploited by RondoDox is not surprising, given the botnet’s capabilities.

The impact of this vulnerability is significant due to the widespread presence of ASUS routers globally. With over one million devices potentially affected, the risk of compromise is substantial. ASUS routers are manufactured in Taiwan and China and are widely used in homes, making them a prime target for cybercriminals seeking to exploit outdated technology.

  • In addition to this vulnerability, the RondoDox botnet has been linked to other attacks, including a recent campaign targeting smart cameras and websites by exploiting a critical Next.js vulnerability called React2Shell (CVE-2025-55182).
  • This highlights the ongoing threat posed by RondoDox and underscores the need for vigilance in protecting against emerging threats.

VulnCheck’s research also reveals that 56% of internet edge devices attacked in 2025 were consumer routers, while 65% of vulnerabilities used by botnets were on unsupported technology. “This trend emphasizes the importance of prioritizing software updates and patching for critical vulnerabilities to prevent exploitation by cybercriminals,” the report concludes.

As the cybersecurity landscape continues to evolve, it is essential for organizations and individuals to remain proactive in addressing emerging threats and vulnerabilities. By staying informed and taking necessary precautions, we can mitigate the risks associated with attacks like the RondoDox botnet and protect our networks from unauthorized access.


