ASUS: RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers

ASUS Router Vulnerability Exploited by RondoDox Botnet After Six-Year Dormancy

Cybersecurity firm VulnCheck has uncovered a campaign by the RondoDox botnet targeting outdated ASUS routers through a 2018 vulnerability (CVE-2018-5999), a critical unauthenticated configuration flaw with a CVSS score of 9.8. The vulnerability allows attackers to modify router settings, including admin passwords, without authentication, posing a severe security risk.

The attacks were detected on May 17 via VulnCheck’s Canary Network, which identified the botnet exploiting the flaw to alter the ateCommand_flag setting, forcing the router’s infosvr interface to accept unauthorized changes. Despite the exploit code being publicly available since 2018, this marks its first known real-world abuse.

Jacob Baines, VulnCheck’s CTO, noted that RondoDox is known for leveraging a high volume of exploits, with some analyses tracking over 170 associated CVEs, and has been active since mid-2025. The botnet primarily targets Linux-based systems, similar to Mirai, but focuses on denial-of-service (DoS) attacks by overwhelming targets with traffic.

The scale of the threat is significant: over 1 million ASUS routers remain online, many of which are end-of-life (EOL) devices no longer receiving security updates. VulnCheck’s 2026 State of Exploitation report found that 56% of attacked edge devices in 2025 were consumer routers, with 65% of botnet-exploited vulnerabilities affecting unsupported hardware.

This campaign follows another recent RondoDox operation, where the botnet exploited a Next.js vulnerability (CVE-2025-55182, "React2Shell") to hijack smart cameras and web servers. The shift to older router vulnerabilities underscores a broader trend of cybercriminals targeting neglected, unpatched devices to expand their attack infrastructure.

Source: https://hackread.com/rondodox-botnet-2018-vulnerability-hijack-asus-routers/

ASUS cybersecurity rating report: https://www.rankiteo.com/company/asus

"id": "ASU1779539103",
"linkid": "asus",
"type": "Vulnerability",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Over 1 million ASUS router '
                                              'users',
                        'industry': 'Consumer Electronics',
                        'name': 'ASUS',
                        'type': 'Technology Manufacturer'}],
 'attack_vector': 'Unauthenticated configuration modification via '
                  'CVE-2018-5999',
 'date_detected': '2026-05-17',
 'description': 'Cybersecurity firm VulnCheck uncovered a campaign by the '
                'RondoDox botnet targeting outdated ASUS routers through a '
                '2018 vulnerability (CVE-2018-5999). The vulnerability allows '
                'attackers to modify router settings, including admin '
                'passwords, without authentication. The botnet exploited the '
                'flaw to alter the `ateCommand_flag` setting, forcing the '
                'router’s `infosvr` interface to accept unauthorized changes. '
                'This marks the first known real-world abuse of the exploit '
                'despite its public availability since 2018.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage to ASUS',
            'operational_impact': 'Potential unauthorized access and control '
                                  'of routers',
            'systems_affected': 'Over 1 million ASUS routers'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Cybercriminals increasingly target neglected, unpatched '
                    'devices to expand their attack infrastructure. '
                    'End-of-life (EOL) devices pose significant security risks '
                    'if not updated or replaced.',
 'motivation': 'Denial-of-Service (DoS) attacks, expansion of attack '
               'infrastructure',
 'post_incident_analysis': {'corrective_actions': 'Replace or update '
                                                  'vulnerable ASUS routers. '
                                                  'Implement enhanced '
                                                  'monitoring for edge '
                                                  'devices.',
                            'root_causes': 'Exploitation of a known '
                                           'vulnerability (CVE-2018-5999) in '
                                           'outdated ASUS routers due to lack '
                                           'of patches or end-of-life status.'},
 'recommendations': 'Users should update or replace outdated ASUS routers, '
                    'especially those no longer receiving security updates. '
                    'Organizations should monitor for exploitation of known '
                    'vulnerabilities in edge devices.',
 'references': [{'source': 'VulnCheck'},
                {'source': 'VulnCheck’s 2026 State of Exploitation report'}],
 'response': {'enhanced_monitoring': 'VulnCheck’s Canary Network',
              'third_party_assistance': 'VulnCheck (cybersecurity firm)'},
 'threat_actor': 'RondoDox Botnet',
 'title': 'ASUS Router Vulnerability Exploited by RondoDox Botnet After '
          'Six-Year Dormancy',
 'type': 'Botnet Exploitation',
 'vulnerability_exploited': 'CVE-2018-5999'}