HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

RondoDox Botnet Exploits Critical 2018 ASUS Router Vulnerability to Hijack Over 1 Million Devices

VulnCheck reports that the RondoDox botnet is leveraging a critical 2018 firmware flaw (CVE‑2018‑10561) to compromise more than one million ASUS routers, turning them into a large‑scale DDoS botnet. The exploit bypasses authentication, posing significant third‑party risk for organizations that rely on these devices for edge connectivity.

LiveThreat™ Intelligence · 📅 May 23, 2026· 📰 hackread.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
3 recommended
📰
Source
hackread.com

RondoDox Botnet Exploits Critical 2018 ASUS Router Vulnerability to Hijack Over 1 Million Devices

What Happened — Researchers at VulnCheck disclosed that the RondoDox botnet is actively exploiting a critical 2018 firmware vulnerability (CVE‑2018‑10561) in ASUS consumer and small‑business routers to bypass authentication and gain persistent control. The campaign is estimated to have compromised more than one million routers worldwide, adding them to a large‑scale DDoS‑capable botnet.

Why It Matters for TPRM

  • Router firmware weaknesses can become a supply‑chain foothold for attackers targeting downstream customers.
  • Compromised routers expose corporate networks to lateral movement, data exfiltration, and service disruption.
  • The scale of the botnet amplifies risk to any third‑party that relies on ASUS hardware for remote access or edge connectivity.

Who Is Affected — Telecommunications providers, managed service providers, enterprises with remote‑office or BYOD policies that use ASUS routers, and end‑users in the consumer segment.

Recommended Actions

  • Verify that all ASUS routers in your environment are patched to the latest firmware (post‑CVE‑2018‑10561).
  • Conduct a network scan for unauthorized outbound traffic indicative of botnet activity.
  • Review third‑party procurement policies to ensure hardware vendors provide timely security updates.

Technical Notes — The exploit leverages an unauthenticated remote code execution flaw in the router’s web management interface, allowing attackers to install a persistent backdoor and enlist the device in the RondoDox botnet. No public CVE‑based patch was available until early 2024; many deployments remain vulnerable. Data types at risk include internal network traffic, credentials transmitted over the compromised device, and any intercepted communications. Source: HackRead

📰 Original Source
https://hackread.com/rondodox-botnet-2018-vulnerability-hijack-asus-routers/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →