

Ethical Hacking News

New Vulnerabilities Uncovered: How ASUS Routers Were Hijacked by Hackers Using Six Known Security Flaws


ASUS routers were compromised by hackers using six known security flaws, exposing tens of thousands of end-of-life devices worldwide to potential exploitation. The attack highlights the need for continuous updates and security patches from device manufacturers.

  • The WrtHug group exploited six known security flaws in ASUS routers to hijack tens of thousands of end-of-life devices worldwide.
  • The attack primarily targeted older, unsupported ASUS routers that were no longer receiving updates or support.
  • The hackers used a combination of security flaws and a unique self-signed TLS certificate to gain control over the infected devices.
  • The attackers deployed persistent backdoors via SSH and abused legitimate router features to ensure their presence survived reboots or firmware updates.
  • The attack bears similarities with other China-linked operational relay boxes (ORBs) and botnet networks, suggesting possible Chinese origin.



    The world of cybersecurity has recently been shaken to its core as a group of hackers, known as WrtHug, has successfully exploited six known security flaws in ASUS routers to hijack tens of thousands of end-of-life (EoL) devices worldwide. The severity of this attack lies not only in the scale of the affected devices but also in the fact that these devices were previously considered secure due to their age.

    The attacks, which have been linked to a campaign codenamed Operation WrtHug by SecurityScorecard's STRIKE team, primarily targeted ASUS routers that were no longer receiving updates or support from the manufacturer. This lack of maintenance made it easier for hackers to identify vulnerabilities and exploit them in order to gain control over these devices.

    One of the most striking aspects of this attack is the fact that the hackers used six known security flaws - CVE-2023-41345, CVE-2023-41346, CVE-2023-41347, CVE-2024-12912, and two additional ones including CVE-2025-2492. These vulnerabilities were previously identified by various cybersecurity experts as being in the process of being patched, but due to their widespread use in routers, hackers were able to exploit them before any patches could be applied.

    The attacks likely involved the exploitation of these security flaws in conjunction with a unique self-signed TLS certificate that all the infected routers shared. This certificate was found to have an expiration date set for 100 years from April 2022, and 99% of services presenting this certificate were found to be ASUS AiCloud - a proprietary service designed to enable access to local storage via the internet.
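    The shared-certificate trait described above lends itself to a simple hunt over TLS scan data. The following is an added example, not code from SecurityScorecard or the original article: it groups constructed scan records by certificate fingerprint and flags self-issued certificates with an unusually long validity period that appear on more than one host. The record layout, field names, thresholds and all sample values are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed scan records (documentation IP ranges, placeholder fingerprints);
# none of these values are indicators from the WrtHug reporting.
SCAN = [
    {"host": "192.0.2.10", "subject": "CN=a", "issuer": "CN=a",
     "not_before": "2022-04-01", "not_after": "2122-04-01", "sha256": "FP-PLACEHOLDER-A"},
    {"host": "192.0.2.11", "subject": "CN=a", "issuer": "CN=a",
     "not_before": "2022-04-01", "not_after": "2122-04-01", "sha256": "FP-PLACEHOLDER-A"},
    {"host": "198.51.100.7", "subject": "CN=a", "issuer": "CN=a",
     "not_before": "2022-04-01", "not_after": "2122-04-01", "sha256": "FP-PLACEHOLDER-A"},
    # Ordinary per-device self-signed certificate with a 10-year lifetime.
    {"host": "203.0.113.5", "subject": "CN=b", "issuer": "CN=b",
     "not_before": "2020-01-01", "not_after": "2030-01-01", "sha256": "FP-PLACEHOLDER-B"},
    # CA-issued certificate with a normal lifetime.
    {"host": "203.0.113.9", "subject": "CN=c", "issuer": "CN=Example CA",
     "not_before": "2025-01-01", "not_after": "2026-01-01", "sha256": "FP-PLACEHOLDER-C"},
    # Long-lived self-signed certificate seen on one host only.
    {"host": "203.0.113.20", "subject": "CN=d", "issuer": "CN=d",
     "not_before": "2022-04-01", "not_after": "2122-04-01", "sha256": "FP-PLACEHOLDER-D"},
]

def validity_years(rec):
    """Length of the certificate validity window in years."""
    start = date.fromisoformat(rec["not_before"])
    end = date.fromisoformat(rec["not_after"])
    return (end - start).days / 365.25

def shared_long_lived_certs(records, min_years=50, min_hosts=2):
    """Map fingerprint -> sorted hosts for long-lived self-issued certs on several hosts.

    subject == issuer is a heuristic for "self-signed"; a strict check would
    also verify the signature against the certificate's own public key.
    """
    by_fp = defaultdict(set)
    for rec in records:
        if rec["subject"] == rec["issuer"] and validity_years(rec) >= min_years:
            by_fp[rec["sha256"]].add(rec["host"])
    return {fp: sorted(h) for fp, h in by_fp.items() if len(h) >= min_hosts}

if __name__ == "__main__":
    for fp, hosts in shared_long_lived_certs(SCAN).items():
        print(fp, len(hosts), hosts)
```

    Lowering min_hosts to 1 also surfaces single devices carrying a long-lived self-issued certificate, at the cost of more benign hits.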

    By chaining command injections and authentication bypasses, the hackers were able to deploy persistent backdoors via SSH and abuse legitimate router features to ensure their presence survives reboots or firmware updates. This has led SecurityScorecard to warn of the growing trend of malicious threat actors targeting routers and other network devices in mass infection operations.

    The attack bears similarities with other China-linked Operational Relay Boxes (ORB) and botnet networks, suggesting that it may be linked to an unknown China-affiliated actor. The extent of the damage remains to be seen but it is clear that this attack highlights the need for device manufacturers to prioritize updates and security patches for their products.

    In conclusion, the ASUS router hijacking campaign codenamed Operation WrtHug serves as a stark reminder of the importance of cybersecurity awareness and the need for continuous vigilance. With more devices than ever becoming targets for hackers, it is essential that we take proactive steps to protect our networks and devices from such attacks in the future.





  • Published: Wed Nov 19 07:38:36 2025 by llama3.2 3B Q4_K_M












