{"id":15085,"date":"2026-05-24T18:58:37","date_gmt":"2026-05-24T18:58:37","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=15085"},"modified":"2026-05-24T18:58:37","modified_gmt":"2026-05-24T18:58:37","slug":"rondodox-botnet-exploits-2018-flaw-in-asus-routers","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=15085","title":{"rendered":"RondoDox Botnet Exploits 2018 Flaw in Asus Routers"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"generic-article\">\n<p class=\"text-muted\">\n                                            <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.bankinfosecurity.com\/endpoint-security-c-506\" id=\"asset_topic_1_1\">Endpoint Security<\/a><br \/>\n                                                    ,<br \/>\n                                                            <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.bankinfosecurity.com\/internet-things-security-c-465\" id=\"asset_topic_1_2\">Internet of Things Security<\/a>\n                                                    <\/p>\n<p>                    <span class=\"article-sub-title\">Botnet Operators Execute First Identified Exploit of Almost Decade-Old Flaw<\/span><br \/>\n                <span class=\"article-byline\"><br \/>\n                                                <a rel=\"nofollow\" target=\"_blank\" class=\"author-link\" href=\"https:\/\/www.bankinfosecurity.com\/authors\/greg-sirico-i-7198\">Greg Sirico<\/a>                                                     \u2022<br \/>\n                        <span class=\"text-nowrap\">May 22, 2026<\/span> \u00a0 \u00a0 <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.bankinfosecurity.com\/rondodox-botnet-exploits-2018-flaw-in-asus-routers-a-31768#disqus_thread\"\/><\/span><\/p>\n<figure>\n                <img decoding=\"async\" src=\"https:\/\/ismg-cdn.nyc3.cdn.digitaloceanspaces.com\/articles\/rondodox-botnet-exploits-2018-flaw-in-asus-routers-image_large-8-a-31768.jpg\" 
alt=\"RondoDox Botnet Exploits 2018 Flaw in Asus Routers\" class=\"img-responsive \"\/><figcaption>Image: Shutterstock<\/figcaption><\/figure>\n<p>Operators behind a botnet picked up on an almost decade-old flaw in Asus routers allowing an unauthenticated attacker to achieve remote code execution as the root user.<\/p>\n<p><b>See Also:<\/b> <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.bankinfosecurity.com\/airlines-airports-visibility-across-ot-iot-it-a-31237?rf=RAM_SeeAlso\">Airlines and Airports: Visibility Across OT, IoT, and IT<\/a><\/p>\n<p>Researchers at VulnCheck attributed in-the-wild exploitation of <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2018-5999\" target=\"_blank\">CVE-2018-5999<\/a>, a critical flaw carrying a 9.8 CVSS score, to the RondoDox botnet. The botnet, which surfaced in mid-2025 and targets Linux systems, is commonly classed as a variant of the Mirai botnet. &#8220;In contrast to Mirai, this malware\u2019s sole goal is to execute DoS assaults, whereas Mirai shouldn&#8217;t be solely able to doing DoS assaults but additionally scan and exploit different methods,&#8221; <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.bitsight.com\/blog\/rondodox-botnet-infrastructure-analysis\" target=\"_blank\">wrote<\/a> Bitsight in March.<\/p>\n<p>VulnCheck started observing exploitation of the Asus vulnerability on May 17. &#8220;Public exploits have been accessible since 2018,&#8221; <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.linkedin.com\/feed\/update\/urn:li:activity:7463587031470784512\/\" target=\"_blank\">wrote<\/a> VulnCheck CTO Jacob Baines in a Friday LinkedIn post. &#8220;However till now, we hadn&#8217;t seen the vulnerability exploited within the wild.&#8221;<\/p>\n<p>RondoDox relies on a multi-stage attack chain built around mass exploitation, particularly focusing on end-of-life and IoT devices. 
It scans for exposed devices, attempting to exploit one of potentially dozens of embedded CVEs at once, often chaining flaws together before introducing a malware payload, which connects to command-and-control infrastructure.<\/p>\n<p>&#8220;RondoDox is well-known for implementing a ton of exploits. Some analyses have tracked its CVE associations properly into the 170s, so it\u2019s not shocking or new that they\u2019re utilizing older ones too,&#8221; said Baines.<\/p>\n<p>According to Bitsight analysis, threat actors behind RondoDox seemingly monitor vulnerability disclosures, exploiting certain CVEs linked to consumer tech before publication. With &#8220;compromised residential IPs&#8221; serving as its hosting infrastructure, the botnet relies on older vulnerabilities found in &#8220;broadly deployed, largely end-of-life client routers&#8221; to maintain persistence.<\/p>\n<p>&#8220;There are a ton of Asus routers on-line, greater than 1 million, so it\u2019s very conceivable that that is working for RondoDox,&#8221; said Baines.<\/p>\n<\/p><\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>Endpoint Security , Internet of Things Security Botnet Operators Execute First Identified Exploit of Almost Decade-Old Flaw Greg Sirico \u2022 May 22, 2026 \u00a0 \u00a0 Image: Shutterstock Operators behind a botnet picked up on an almost decade-old flaw in Asus routers allowing an unauthenticated attacker to achieve remote code execution as the root user. 
See [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":15087,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[3571,3181,3183,2705,7195,7734],"class_list":["post-15085","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-asus","tag-botnet","tag-exploits","tag-flaw","tag-rondodox","tag-routers"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/15085","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15085"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/15085\/revisions"}],"predecessor-version":[{"id":15086,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/15085\/revisions\/15086"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/15087"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15085"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15085"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15085"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}