WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide
A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive network.
The attacks likely involve the exploitation of six known security flaws in end-of-life ASUS WRT routers to take control of susceptible devices. All the infected routers have been found to share a unique self-signed TLS certificate with an expiration date set for 100 years from April 2022.
The attacks likely exploit vulnerabilities tracked as CVE-2023-41345, CVE-2023-41346, CVE-2023-41347, CVE-2023-41348, CVE-2023-39780, CVE-2024-12912, and CVE-2025-2492 for proliferation. Interestingly, the exploitation of CVE-2023-39780 has also been linked to another Chinese-origin botnet dubbed AyySSHush (aka ViciousTrap). Two other operational relay box (ORB) networks that have targeted routers in recent months are LapDogs and PolarEdge.
“By chaining command injections and authentication bypasses, threat actors have managed to deploy persistent backdoors via SSH, often abusing legitimate router features to ensure their presence survives reboots or firmware updates.”
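A defender-side check for the indicator described above (many devices presenting one self-signed certificate with a validity period of about 100 years), added here as an example that is not from the original article. The record format, field names, thresholds and fingerprint placeholders are assumptions, and the sample records are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: one JSON record per line from a hypothetical TLS scan
# inventory. Fingerprints are placeholders, not real indicators.
SAMPLE = """\
{"host": "192.0.2.10", "subject": "CN=a", "issuer": "CN=a", "not_before": "2022-04-01T00:00:00Z", "not_after": "2122-04-01T00:00:00Z", "sha256": "PLACEHOLDER_FP_A"}
{"host": "198.51.100.7", "subject": "CN=a", "issuer": "CN=a", "not_before": "2022-04-01T00:00:00Z", "not_after": "2122-04-01T00:00:00Z", "sha256": "PLACEHOLDER_FP_A"}
{"host": "203.0.113.5", "subject": "CN=b", "issuer": "CN=b", "not_before": "2020-01-01T00:00:00Z", "not_after": "2120-01-01T00:00:00Z", "sha256": "PLACEHOLDER_FP_B"}
{"host": "203.0.113.9", "subject": "CN=c", "issuer": "CN=c", "not_before": "2023-01-01T00:00:00Z", "not_after": "2033-01-01T00:00:00Z", "sha256": "PLACEHOLDER_FP_C"}
{"host": "203.0.113.20", "subject": "CN=www.example", "issuer": "CN=Example CA", "not_before": "2025-01-01T00:00:00Z", "not_after": "2026-01-01T00:00:00Z", "sha256": "PLACEHOLDER_FP_D"}
not-json garbage line
"""

MIN_YEARS = 90  # assumed threshold: far beyond any normal certificate lifetime
MIN_HOSTS = 2   # assumed threshold: same certificate seen on several devices


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validity_years(rec):
    span = parse_ts(rec["not_after"]) - parse_ts(rec["not_before"])
    return span.days / 365.25


def find_shared_long_lived(lines, min_years=MIN_YEARS, min_hosts=MIN_HOSTS):
    """Return {fingerprint: [hosts]} for self-signed, very long-lived
    certificates that are presented by at least min_hosts distinct hosts."""
    hosts_by_fp = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            # issuer == subject is a heuristic for "self-signed"
            if rec["issuer"] == rec["subject"] and validity_years(rec) >= min_years:
                hosts_by_fp[rec["sha256"]].add(rec["host"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed or incomplete records
    return {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    for fp, hosts in find_shared_long_lived(SAMPLE.splitlines()).items():
        print(f"{fp}: shared by {len(hosts)} hosts -> {', '.join(hosts)}")
```

A single device with a long-lived self-signed certificate is common on embedded gear; the reuse of one fingerprint across unrelated hosts is what makes the finding worth triage.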
To read the complete article see: The Hacker News