282/69 Monday, May 25, 2026
Security researchers have reported that attackers linked to the RondoDox botnet are actively exploiting the legacy vulnerability CVE-2018-5999 in unpatched ASUS routers. The vulnerability carries a CVSS score of 9.8 (Critical) and affects ASUSWRT firmware, allowing attackers to modify router settings without authentication.
According to reports, VulnCheck detected active exploitation attempts targeting this vulnerability on May 17, 2026, despite a public exploit being available since 2018. RondoDox is a botnet that primarily targets Linux systems, IoT devices, and internet-exposed network equipment. The malware commonly scans for vulnerable devices at scale and attempts multiple known exploits to compromise systems and recruit them into infrastructure used for Denial-of-Service (DoS) attacks.
System administrators and ASUS router users are advised to verify their device models and firmware versions, especially systems running ASUSWRT versions earlier than 3.0.0.4.384_10007 or devices that have already reached end-of-support status. Organizations and users should immediately update firmware to the latest available version, disable internet-facing administrative interfaces, change default or weak administrator passwords, and consider replacing unsupported hardware that can no longer receive security updates in order to reduce the risk of compromise.
Source https://hackread.com/rondodox-botnet-2018-vulnerability-hijack-asus-routers/