Endpoint Security, Internet of Things Security
Botnet Operators Carry Out First Known Exploit of Nearly Decade-Old Flaw
Operators behind a botnet picked up on a nearly decade-old flaw in Asus routers that allows an unauthenticated attacker to achieve remote code execution as the root user.
Researchers at VulnCheck attributed in-the-wild exploitation of CVE-2018-5999, a critical flaw carrying a 9.8 CVSS score, to the RondoDox botnet. The botnet, which surfaced in mid-2025 and targets Linux systems, is commonly classed as a variant of the Mirai botnet. “In contrast to Mirai, this malware’s sole goal is to execute DoS attacks, whereas Mirai is not only capable of doing DoS attacks but also scan and exploit other systems,” wrote Bitsight in March.
VulnCheck started observing exploitation of the Asus vulnerability on May 17. “Public exploits have been available since 2018,” wrote VulnCheck CTO Jacob Baines in a Friday LinkedIn post. “But until now, we hadn’t seen the vulnerability exploited in the wild.”
RondoDox relies on a multi-stage attack chain built around mass exploitation, with a particular focus on end-of-life and IoT devices. It scans for exposed devices and attempts to exploit one of potentially dozens of embedded CVEs at once, often chaining flaws together before introducing a malware payload, which connects to command-and-control infrastructure.
“RondoDox is well-known for implementing a ton of exploits. Some analyses have tracked its CVE associations well into the 170s, so it’s not surprising or new that they’re using older ones too,” said Baines.
According to Bitsight analysis, threat actors behind RondoDox likely monitor vulnerability disclosures, exploiting certain CVEs linked to consumer tech before publication. With “compromised residential IPs” serving as its hosting infrastructure, the botnet relies on older vulnerabilities found in “widely deployed, largely end-of-life consumer routers” to maintain persistence.
“There are a ton of Asus routers online, more than 1 million, so it’s very conceivable that this is working for RondoDox,” said Baines.






