RondoDox botnet exploits 56 n-day vulnerabilities in global attacks
Summary
The RondoDox botnet has been actively exploiting 56 n-day vulnerabilities in over 30 distinct devices, including DVRs, NVRs, CCTV systems, and web servers, since June 2025. The botnet uses an 'exploit shotgun' strategy to maximize infections, targeting both older and more recent vulnerabilities. The list of exploited vulnerabilities includes CVE-2023-1389, a flaw in the TP-Link Archer AX21 Wi-Fi router, and others demonstrated at Pwn2Own events. The botnet's activity poses significant risks, especially for devices that have reached end-of-life and are more likely to remain unpatched. Many users also tend to ignore firmware updates for supported hardware, increasing the risk of exploitation. To mitigate the threat, users are advised to apply the latest firmware updates, replace end-of-life equipment, segment their networks, and use strong, unique passwords.
Timeline
- 09.10.2025 20:17 · 1 article
RondoDox botnet targets 56 n-day vulnerabilities in global attacks
The RondoDox botnet has been actively exploiting 56 n-day vulnerabilities in over 30 distinct devices since June 2025. The botnet uses an 'exploit shotgun' strategy to maximize infections, targeting both older and more recent vulnerabilities. The list of exploited vulnerabilities includes CVE-2023-1389, a flaw in the TP-Link Archer AX21 Wi-Fi router, and others demonstrated at Pwn2Own events. The botnet's activity poses significant risks, especially for devices that have reached end-of-life and are more likely to remain unpatched. Many users also tend to ignore firmware updates for supported hardware, increasing the risk of exploitation. To mitigate the threat, users are advised to apply the latest firmware updates, replace end-of-life equipment, segment their networks, and use strong, unique passwords.
Sources:
- RondoDox botnet targets 56 n-day flaws in worldwide attacks — www.bleepingcomputer.com — 09.10.2025 20:17
Information Snippets
- The RondoDox botnet targets over 30 distinct devices, including DVRs, NVRs, CCTV systems, and web servers.
  First reported: 09.10.2025 20:17 · 1 source, 1 article
  Source: RondoDox botnet targets 56 n-day flaws in worldwide attacks — www.bleepingcomputer.com — 09.10.2025 20:17
- The botnet exploits 56 n-day vulnerabilities, including those demonstrated at Pwn2Own events.
  First reported: 09.10.2025 20:17 · 1 source, 1 article
  Source: RondoDox botnet targets 56 n-day flaws in worldwide attacks — www.bleepingcomputer.com — 09.10.2025 20:17
- The botnet uses an 'exploit shotgun' strategy to maximize infections.
  First reported: 09.10.2025 20:17 · 1 source, 1 article
  Source: RondoDox botnet targets 56 n-day flaws in worldwide attacks — www.bleepingcomputer.com — 09.10.2025 20:17
- The botnet has been active since June 2025.
  First reported: 09.10.2025 20:17 · 1 source, 1 article
  Source: RondoDox botnet targets 56 n-day flaws in worldwide attacks — www.bleepingcomputer.com — 09.10.2025 20:17
- The list of exploited vulnerabilities includes CVE-2023-1389, a flaw in the TP-Link Archer AX21 Wi-Fi router.
  First reported: 09.10.2025 20:17 · 1 source, 1 article
  Source: RondoDox botnet targets 56 n-day flaws in worldwide attacks — www.bleepingcomputer.com — 09.10.2025 20:17
- The botnet incorporates exploits for 18 command injection flaws without assigned CVE IDs.
  First reported: 09.10.2025 20:17 · 1 source, 1 article
  Source: RondoDox botnet targets 56 n-day flaws in worldwide attacks — www.bleepingcomputer.com — 09.10.2025 20:17
- The botnet targets devices from various manufacturers, including Digiever, QNAP, LB-LINK, TRENDnet, D-Link, TBK, Four-Faith, Netgear, AVTECH, TOTOLINK, Tenda, Meteobridge, Edimax, Linksys, and TP-Link.
  First reported: 09.10.2025 20:17 · 1 source, 1 article
  Source: RondoDox botnet targets 56 n-day flaws in worldwide attacks — www.bleepingcomputer.com — 09.10.2025 20:17