RondoDox Botnet Exploits Critical 2018 ASUS Router Vulnerability to Hijack Over 1 Million Devices
What Happened — Researchers at VulnCheck disclosed that the RondoDox botnet is actively exploiting a critical 2018 firmware vulnerability (CVE‑2018‑10561) in ASUS consumer and small‑business routers to bypass authentication and gain persistent control. The campaign is estimated to have compromised more than one million routers worldwide, adding them to a large‑scale DDoS‑capable botnet.
Why It Matters for TPRM —
- Router firmware weaknesses can become a supply‑chain foothold for attackers targeting downstream customers.
- Compromised routers expose corporate networks to lateral movement, data exfiltration, and service disruption.
- The scale of the botnet amplifies risk to any third‑party that relies on ASUS hardware for remote access or edge connectivity.
Who Is Affected — Telecommunications providers, managed service providers, enterprises with remote‑office or BYOD policies that use ASUS routers, and end‑users in the consumer segment.
Recommended Actions —
- Verify that all ASUS routers in your environment are patched to the latest firmware (post‑CVE‑2018‑10561).
- Conduct a network scan for unauthorized outbound traffic indicative of botnet activity.
- Review third‑party procurement policies to ensure hardware vendors provide timely security updates.
Technical Notes — The exploit leverages an unauthenticated remote code execution flaw in the router’s web management interface, allowing attackers to install a persistent backdoor and enlist the device in the RondoDox botnet. No public CVE‑based patch was available until early 2024; many deployments remain vulnerable. Data types at risk include internal network traffic, credentials transmitted over the compromised device, and any intercepted communications. Source: HackRead