CVE-2023-39780

Published Sep 11, 2023

Last updated 4 months ago

Exploit knownCVSS high 8.8
ASUS
RT-AX55

Overview

Description
On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refresh module" issue, see CVE-2023-41346; for the similar "check token module" issue, see CVE-2023-41347; and for the similar "code-authentication module" issue, see CVE-2023-41348.
Source
cve@mitre.org
NVD status
Analyzed
Products
rt-ax55_firmware

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
ASUS RT-AX55 Routers OS Command Injection Vulnerability
Exploit added on
Jun 2, 2025
Exploit action due
Jun 23, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

cve@mitre.org
CWE-78
nvd@nist.gov
CWE-78

Social media

Hype score
Not currently trending

  1. KadNap botnet exploits ASUS routers via CVE-2023-39780, then deploys custom Kademlia DHT protocol for decentralized C2 communication. Over 14,000 devices compromised by March 2026, creating resilient proxy network for cybercrime operations. #ThreatIntel #CloudSecurity 🔗 Full

    @aviatrixtrc

    11 Mar 2026

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Over 9,000 ASUS routers were compromised in a sophisticated hacking campaign exploiting a vulnerability known as CVE-2023-39780. Researchers warn this may be a prelude to the creation of a botnet. #ASUS #RouterHack #CyberSecurity #CVE202339780 #IoTSecurity https://t.co/IKnUBfgCAv

    @MainNerve

    7 Jun 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Asus warns: AyySSHush botnet infects 9500+ routers via CVE-2023-39780 https://t.co/UPPEL4r5GK A dangerous botnet exploits a command injection flaw to enable SSH access on port 53282 and installs attacker keys. Asus has patched this via a recent firmware update. Users should ht

    @GameGPU_com

    5 Jun 2025

    86 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2023-39780 #ASUS RT-AX55 Routers OS Command Injection Vulnerability https://t.co/eccsvO1KtR

    @ScyScan

    2 Jun 2025

    110 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Top 5 Trending CVEs: 1 - CVE-2025-24085 2 - CVE-2025-30397 3 - CVE-2024-29269 4 - CVE-2020-27786 5 - CVE-2023-39780 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    2 Jun 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 Cyber Alert: Over 9,000 ASUS Routers Compromised in 'AyySSHush' Botnet Campaign A sophisticated cyberattack has compromised more than 9,000 ASUS routers worldwide. Dubbed "AyySSHush," this campaign exploits a command injection vulnerability (CVE-2023-39780) and other

    @gryphai

    1 Jun 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 Cyber Alert: Over 9,000 ASUS Routers Compromised in 'AyySSHush' Botnet Campaign A sophisticated cyberattack has compromised more than 9,000 ASUS routers worldwide. Dubbed "AyySSHush," this campaign exploits a command injection vulnerability (CVE-2023-39780) and other

    @gryphai

    1 Jun 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. GreyNoise、ASUSルーター9000台が脆弱性の悪用でバックドア設置を確認(CVE-2023-39780) https://t.co/ypF6vsCp0H #Security #セキュリティ #ニュース

    @SecureShield_

    30 May 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 华硕路由器遭僵尸网络攻击 一种名为“AyySSHush”的新型僵尸网络已入侵超9000台华硕路由器。 该攻击利用认证绕过技术和已知漏洞(CVE-2023-39780),在路由器中植入SSH后门,即便更新固件也无法清除。 攻击者通过

    @BesnowCloud

    30 May 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨緊急警告:9,000台超のAsusルーターが高度なサイバー攻撃で侵害 攻撃者は永続的なバックドアを設置し、ファームウェア更新や再起動でも除去不可能な状態に CVE-2023-39780の脆弱性を悪用し、SSH経由でポート

    @TechTrendsJP

    29 May 2025

    98 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. ボットネットがASUS製ルーター9千台超をハッキングし、永続的なSSHバックドアを仕掛ける(CVE-2023-39780) https://t.co/WV5nRvgXuA

    @itfix_pcrescue

    29 May 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Campagna stealth compromette migliaia di router ASUS con backdoor persistenti Vulnerabilità, apt, asus, authorized_keys, CVE-2023-39780, firmware, GreyNoise, logging disabilitato, NVRAM, router, SSH backdoor, TCP/53282, ViciousTrap https://t.co/ONTumJMLoT https://t.co/417dQ0oTCh

    @matricedigitale

    29 May 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. ASUS製ルーターに対する高度なバックドア攻撃が発覚。攻撃者はCVE-2023-39780の脆弱性を悪用し、再起動やファームウェア更新後も持続するSSHバックドアを設置。既に9,000台以上が影響を受けており、手動での確

    @01ra66it

    29 May 2025

    952 Impressions

    3 Retweets

    17 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  14. ⚠️ボットネットがASUS製ルーター9千台超をハッキングし、永続的なSSHバックドアを仕掛ける(CVE-2023-39780) 〜サイバーアラート 5月29日〜 https://t.co/pkl9VB0EXu #セキュリティ #インテリジェンス #OSINT

    @MachinaRecord

    29 May 2025

    82 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Over 9,000 ASUS routers have been compromised by a botnet named "AyySSHush," discovered by GreyNoise in mid-March 2025. The attackers exploit CVE-2023-39780 to add a persistent SSH backdoor, allowing continued access even after firmware updates. https://t.co/F7Al4VzwC1

    @securityRSS

    29 May 2025

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Over 9,000 ASUS routers infected by the "AyySSHush" botnet using CVE-2023-39780 to inject persistent SSH backdoors, disabling logs & security features. Linked to a nation-state, targeting SOHO devices. 🕵️‍♂️ #Thailand #RouterThreats https://t.co/yYL0KpHIsJ

    @TweetThreatNews

    28 May 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. GreyNoiseによれば、ASUS製ルーター(RT-AC3100、RT-AC3200、RT-AX55等)を標的とした新たなボットネット「AyySSHush」が確認されました。攻撃者は、ASUSの正規機能や既知の脆弱性(CVE-2023-39780)を悪用し、永続的なSSHバ

    @t_nihonmatsu

    28 May 2025

    1040 Impressions

    6 Retweets

    14 Likes

    7 Bookmarks

    1 Reply

    0 Quotes

Configurations

Related CVEs

  1. ASUS Routers Improper Authentication VulnerabilityCVE-2021-32030

References

Sources include official advisories and independent security research.