CVE-2023-39780

Published Sep 11, 2023

Last updated 11 days ago

Exploit knownCVSS high 8.8
ASUS
RT-AX55

Overview

AI description

Automated description summarized from trusted sources.

CVE-2023-39780 is a command injection vulnerability found in ASUS RT-AX55 routers, specifically version 3.0.0.4.386.51598. It allows authenticated attackers to execute arbitrary commands on the system. The vulnerability exists in the handling of user input, which enables attackers to inject and execute commands with elevated privileges. Successful exploitation of CVE-2023-39780 can lead to unauthorized actions and data breaches. Attackers have been observed exploiting this vulnerability, along with other authentication bypass techniques, to gain persistent access to ASUS routers, enabling SSH access and disabling logging to maintain a stealthy backdoor.

Description
On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refresh module" issue, see CVE-2023-41346; for the similar "check token module" issue, see CVE-2023-41347; and for the similar "code-authentication module" issue, see CVE-2023-41348.
Source
cve@mitre.org
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
ASUS RT-AX55 Routers OS Command Injection Vulnerability
Exploit added on
Jun 2, 2025
Exploit action due
Jun 23, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

cve@mitre.org
CWE-78
nvd@nist.gov
CWE-78

Social media

Hype score
Not currently trending

  1. Over 9,000 ASUS routers were compromised in a sophisticated hacking campaign exploiting a vulnerability known as CVE-2023-39780. Researchers warn this may be a prelude to the creation of a botnet. #ASUS #RouterHack #CyberSecurity #CVE202339780 #IoTSecurity https://t.co/IKnUBfgCAv

    @MainNerve

    7 Jun 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Asus warns: AyySSHush botnet infects 9500+ routers via CVE-2023-39780 https://t.co/UPPEL4r5GK A dangerous botnet exploits a command injection flaw to enable SSH access on port 53282 and installs attacker keys. Asus has patched this via a recent firmware update. Users should ht

    @GameGPU_com

    5 Jun 2025

    86 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2023-39780 #ASUS RT-AX55 Routers OS Command Injection Vulnerability https://t.co/eccsvO1KtR

    @ScyScan

    2 Jun 2025

    110 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Top 5 Trending CVEs: 1 - CVE-2025-24085 2 - CVE-2025-30397 3 - CVE-2024-29269 4 - CVE-2020-27786 5 - CVE-2023-39780 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    2 Jun 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 Cyber Alert: Over 9,000 ASUS Routers Compromised in 'AyySSHush' Botnet Campaign A sophisticated cyberattack has compromised more than 9,000 ASUS routers worldwide. Dubbed "AyySSHush," this campaign exploits a command injection vulnerability (CVE-2023-39780) and other

    @gryphai

    1 Jun 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 Cyber Alert: Over 9,000 ASUS Routers Compromised in 'AyySSHush' Botnet Campaign A sophisticated cyberattack has compromised more than 9,000 ASUS routers worldwide. Dubbed "AyySSHush," this campaign exploits a command injection vulnerability (CVE-2023-39780) and other

    @gryphai

    1 Jun 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. GreyNoise、ASUSルーター9000台が脆弱性の悪用でバックドア設置を確認(CVE-2023-39780) https://t.co/ypF6vsCp0H #Security #セキュリティ #ニュース

    @SecureShield_

    30 May 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 华硕路由器遭僵尸网络攻击 一种名为“AyySSHush”的新型僵尸网络已入侵超9000台华硕路由器。 该攻击利用认证绕过技术和已知漏洞(CVE-2023-39780),在路由器中植入SSH后门,即便更新固件也无法清除。 攻击者通过

    @BesnowCloud

    30 May 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨緊急警告:9,000台超のAsusルーターが高度なサイバー攻撃で侵害 攻撃者は永続的なバックドアを設置し、ファームウェア更新や再起動でも除去不可能な状態に CVE-2023-39780の脆弱性を悪用し、SSH経由でポート

    @TechTrendsJP

    29 May 2025

    98 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. ボットネットがASUS製ルーター9千台超をハッキングし、永続的なSSHバックドアを仕掛ける(CVE-2023-39780) https://t.co/WV5nRvgXuA

    @itfix_pcrescue

    29 May 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Campagna stealth compromette migliaia di router ASUS con backdoor persistenti Vulnerabilità, apt, asus, authorized_keys, CVE-2023-39780, firmware, GreyNoise, logging disabilitato, NVRAM, router, SSH backdoor, TCP/53282, ViciousTrap https://t.co/ONTumJMLoT https://t.co/417dQ0oTCh

    @matricedigitale

    29 May 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. ASUS製ルーターに対する高度なバックドア攻撃が発覚。攻撃者はCVE-2023-39780の脆弱性を悪用し、再起動やファームウェア更新後も持続するSSHバックドアを設置。既に9,000台以上が影響を受けており、手動での確

    @01ra66it

    29 May 2025

    952 Impressions

    3 Retweets

    17 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  13. ⚠️ボットネットがASUS製ルーター9千台超をハッキングし、永続的なSSHバックドアを仕掛ける(CVE-2023-39780) 〜サイバーアラート 5月29日〜 https://t.co/pkl9VB0EXu #セキュリティ #インテリジェンス #OSINT

    @MachinaRecord

    29 May 2025

    82 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Over 9,000 ASUS routers have been compromised by a botnet named "AyySSHush," discovered by GreyNoise in mid-March 2025. The attackers exploit CVE-2023-39780 to add a persistent SSH backdoor, allowing continued access even after firmware updates. https://t.co/F7Al4VzwC1

    @securityRSS

    29 May 2025

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Over 9,000 ASUS routers infected by the "AyySSHush" botnet using CVE-2023-39780 to inject persistent SSH backdoors, disabling logs & security features. Linked to a nation-state, targeting SOHO devices. 🕵️‍♂️ #Thailand #RouterThreats https://t.co/yYL0KpHIsJ

    @TweetThreatNews

    28 May 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. GreyNoiseによれば、ASUS製ルーター(RT-AC3100、RT-AC3200、RT-AX55等)を標的とした新たなボットネット「AyySSHush」が確認されました。攻撃者は、ASUSの正規機能や既知の脆弱性(CVE-2023-39780)を悪用し、永続的なSSHバ

    @t_nihonmatsu

    28 May 2025

    1040 Impressions

    6 Retweets

    14 Likes

    7 Bookmarks

    1 Reply

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.