AI description
CVE-2023-39780 is a command injection vulnerability found in ASUS RT-AX55 routers, specifically version 3.0.0.4.386.51598. It allows authenticated attackers to execute arbitrary commands on the system. The vulnerability exists in the handling of user input, which enables attackers to inject and execute commands with elevated privileges. Successful exploitation of CVE-2023-39780 can lead to unauthorized actions and data breaches. Attackers have been observed exploiting this vulnerability, along with other authentication bypass techniques, to gain persistent access to ASUS routers, enabling SSH access and disabling logging to maintain a stealthy backdoor.
- Description
- On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refresh module" issue, see CVE-2023-41346; for the similar "check token module" issue, see CVE-2023-41347; and for the similar "code-authentication module" issue, see CVE-2023-41348.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- ASUS RT-AX55 Routers OS Command Injection Vulnerability
- Exploit added on
- Jun 2, 2025
- Exploit action due
- Jun 23, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
Over 9,000 ASUS routers were compromised in a sophisticated hacking campaign exploiting a vulnerability known as CVE-2023-39780. Researchers warn this may be a prelude to the creation of a botnet. #ASUS #RouterHack #CyberSecurity #CVE202339780 #IoTSecurity https://t.co/IKnUBfgCAv
@MainNerve
7 Jun 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Asus warns: AyySSHush botnet infects 9500+ routers via CVE-2023-39780 https://t.co/UPPEL4r5GK A dangerous botnet exploits a command injection flaw to enable SSH access on port 53282 and installs attacker keys. Asus has patched this via a recent firmware update. Users should ht
@GameGPU_com
5 Jun 2025
86 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2023-39780 #ASUS RT-AX55 Routers OS Command Injection Vulnerability https://t.co/eccsvO1KtR
@ScyScan
2 Jun 2025
110 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-24085 2 - CVE-2025-30397 3 - CVE-2024-29269 4 - CVE-2020-27786 5 - CVE-2023-39780 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
2 Jun 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Cyber Alert: Over 9,000 ASUS Routers Compromised in 'AyySSHush' Botnet Campaign A sophisticated cyberattack has compromised more than 9,000 ASUS routers worldwide. Dubbed "AyySSHush," this campaign exploits a command injection vulnerability (CVE-2023-39780) and other
@gryphai
1 Jun 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Cyber Alert: Over 9,000 ASUS Routers Compromised in 'AyySSHush' Botnet Campaign A sophisticated cyberattack has compromised more than 9,000 ASUS routers worldwide. Dubbed "AyySSHush," this campaign exploits a command injection vulnerability (CVE-2023-39780) and other
@gryphai
1 Jun 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GreyNoise、ASUSルーター9000台が脆弱性の悪用でバックドア設置を確認(CVE-2023-39780) https://t.co/ypF6vsCp0H #Security #セキュリティ #ニュース
@SecureShield_
30 May 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
华硕路由器遭僵尸网络攻击 一种名为“AyySSHush”的新型僵尸网络已入侵超9000台华硕路由器。 该攻击利用认证绕过技术和已知漏洞(CVE-2023-39780),在路由器中植入SSH后门,即便更新固件也无法清除。 攻击者通过
@BesnowCloud
30 May 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨緊急警告:9,000台超のAsusルーターが高度なサイバー攻撃で侵害 攻撃者は永続的なバックドアを設置し、ファームウェア更新や再起動でも除去不可能な状態に CVE-2023-39780の脆弱性を悪用し、SSH経由でポート
@TechTrendsJP
29 May 2025
98 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ボットネットがASUS製ルーター9千台超をハッキングし、永続的なSSHバックドアを仕掛ける(CVE-2023-39780) https://t.co/WV5nRvgXuA
@itfix_pcrescue
29 May 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Campagna stealth compromette migliaia di router ASUS con backdoor persistenti Vulnerabilità, apt, asus, authorized_keys, CVE-2023-39780, firmware, GreyNoise, logging disabilitato, NVRAM, router, SSH backdoor, TCP/53282, ViciousTrap https://t.co/ONTumJMLoT https://t.co/417dQ0oTCh
@matricedigitale
29 May 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ASUS製ルーターに対する高度なバックドア攻撃が発覚。攻撃者はCVE-2023-39780の脆弱性を悪用し、再起動やファームウェア更新後も持続するSSHバックドアを設置。既に9,000台以上が影響を受けており、手動での確
@01ra66it
29 May 2025
952 Impressions
3 Retweets
17 Likes
4 Bookmarks
0 Replies
0 Quotes
⚠️ボットネットがASUS製ルーター9千台超をハッキングし、永続的なSSHバックドアを仕掛ける(CVE-2023-39780) 〜サイバーアラート 5月29日〜 https://t.co/pkl9VB0EXu #セキュリティ #インテリジェンス #OSINT
@MachinaRecord
29 May 2025
82 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Over 9,000 ASUS routers have been compromised by a botnet named "AyySSHush," discovered by GreyNoise in mid-March 2025. The attackers exploit CVE-2023-39780 to add a persistent SSH backdoor, allowing continued access even after firmware updates. https://t.co/F7Al4VzwC1
@securityRSS
29 May 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Over 9,000 ASUS routers infected by the "AyySSHush" botnet using CVE-2023-39780 to inject persistent SSH backdoors, disabling logs & security features. Linked to a nation-state, targeting SOHO devices. 🕵️♂️ #Thailand #RouterThreats https://t.co/yYL0KpHIsJ
@TweetThreatNews
28 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GreyNoiseによれば、ASUS製ルーター(RT-AC3100、RT-AC3200、RT-AX55等)を標的とした新たなボットネット「AyySSHush」が確認されました。攻撃者は、ASUSの正規機能や既知の脆弱性(CVE-2023-39780)を悪用し、永続的なSSHバ
@t_nihonmatsu
28 May 2025
1040 Impressions
6 Retweets
14 Likes
7 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax55_firmware:3.0.0.4.386.51598:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0AABC778-3AC0-4730-953A-61175570FC81"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B8F27D4F-EDC4-4676-8C66-545378850BF1"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]