GreyNoise discovered the AyySSHush botnet has hacked over 9,000 ASUS routers, adding a persistent SSH backdoor.
“Using an AI powered network traffic analysis tool we built called SIFT, GreyNoise has caught multiple anomalous network payloads with zero-effort that are attempting to disable TrendMicro security features in ASUS routers, then exploit vulnerabilities and novel tradecraft in ASUS AiProtection features on those routers.” states GreyNoise.
... more ....
The payloads observed by the experts only target ASUS RT-AC3100 or RT-AC3200 with an Out-Of-Box configuration.
GreyNoise also found a payload exploiting the authenticated command injection flaw CVE-2023-39780 in ASUS RT-AX55 v3.0.0.4.386.51598 to execute arbitrary system commands.
The attackers exploit the command injection flaw to add their SSH key and enable access on port 53282, ensuring persistent backdoor access across reboots and updates.
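A defender-side check for the two persistence indicators named in the quoted report (a listener on TCP 53282 and an added SSH key), as an added example that is not part of the original post or GreyNoise's tooling. It assumes you have saved the router's `netstat -tln` output and its authorized SSH keys as text; the function names and all sample data are hypothetical and constructed.

```python
import base64
import hashlib
import re

BACKDOOR_PORT = 53282  # SSH port named in the report quoted above
KEY_RE = re.compile(r"(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+)\s+([A-Za-z0-9+/=]+)")

def listening_ports(netstat_text):
    """TCP ports in LISTEN state from `netstat -tln` output (IPv4 or IPv6)."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            ports.add(int(f[3].rsplit(":", 1)[1]))  # handles 0.0.0.0:22 and :::22
    return ports

def key_fingerprints(authorized_keys_text):
    """SHA256 fingerprints, in `ssh-keygen -lf` form, of each key line."""
    fps = []
    for line in authorized_keys_text.splitlines():
        m = KEY_RE.search(line)  # search() tolerates an options prefix
        if line.lstrip().startswith("#") or not m:
            continue
        try:
            blob = base64.b64decode(m.group(2), validate=True)
        except ValueError:
            continue  # malformed entry, not a usable key
        digest = hashlib.sha256(blob).digest()
        fps.append("SHA256:" + base64.b64encode(digest).decode().rstrip("="))
    return fps

def audit(netstat_text, authorized_keys_text, known_fps):
    """Findings: backdoor-port listener, plus keys the admin does not recognize."""
    findings = []
    if BACKDOOR_PORT in listening_ports(netstat_text):
        findings.append(f"listener on TCP {BACKDOOR_PORT}")
    findings += [f"unrecognized SSH key {fp}"
                 for fp in key_fingerprints(authorized_keys_text) if fp not in known_fps]
    return findings

# Constructed sample input: placeholder key blobs, not real keys.
ADMIN_BLOB = base64.b64encode(b"constructed admin key blob").decode()
OTHER_BLOB = base64.b64encode(b"constructed unknown key blob").decode()
SAMPLE_NETSTAT = ("tcp 0 0 :::22 :::* LISTEN\n"
                  "tcp 0 0 0.0.0.0:53282 0.0.0.0:* LISTEN\n"
                  "tcp 0 0 192.168.1.1:80 192.168.1.50:51514 ESTABLISHED\n")
SAMPLE_KEYS = f"# admin\nssh-ed25519 {ADMIN_BLOB} admin@laptop\nssh-rsa {OTHER_BLOB}\n"
```

Pass `audit()` the fingerprints of the keys you installed yourself as `known_fps`; an empty result means neither indicator was found in the supplied text.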
Posted: Mon Jun 09, 2025 7:15 Post subject:
There are no third-party firmware projects that support the DSL combo devices 100%. Your device is EOL, and the most recent GPL tarball is not for the latest release of stock firmware. IOW, there is no fixing it unless you know how to finesse some patches and updates to the latest 2019 GPL tarball (GPL of ASUS DSL-AC88U Annex A for firmware 1.10.06_Build591) and roll your own firmware image.
ASUS DSL-AC88U Firmware version v1.10.08_Build593 (This product supports Annex A)
Version 1.10.08_Build593
33.34 MB
2021/08/25
This model was end of its life, and its firmware, utility, website, and manual will no longer be updated. For more details, please refer to https://www.asus.com/event/network/eol-product/
Fixed CVE-2021-20090
Please unzip the firmware file first then check the MD5 code.
MD5: 6a255909d9b82cf1f094caa4c8469dc1