Network Security

RondoDox botnet exploits old ASUS router vulnerability

As detailed in HackRead, cybercriminals are actively exploiting a critical software vulnerability from 2018, CVE-2018-5999, to target older models of ASUS routers. This unauthenticated configuration update vulnerability, with a CVSS score of 9.8/10, allows attackers to alter router settings without requiring a password.

The RondoDox botnet has been exploiting this vulnerability since May 17, as discovered by VulnCheck's Canary Network. Attackers send data payloads to set the "ateCommand_flag" to 1, which opens the router's internal system interface, infosvr, to unauthorized configuration changes. VulnCheck successfully used this method to change a router's admin password, and exploit code has been publicly available since 2018. With over one million ASUS routers online, the potential impact is significant.

RondoDox, known for employing numerous exploits, primarily targets Linux-based systems for denial of service attacks. VulnCheck found that 56% of attacked internet edge devices in 2025 were consumer routers, and 65% of vulnerabilities used by botnets were on unsupported, end-of-life technology, making them easy targets for cybercriminals.

Source: HackRead

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds