Thousands of ASUS Routers Hijacked in New WrtHug Cyberattack

[johny899]

Hi friend, I wanted to share a message about home routers, as I thought it would be relevant for you. A new hacking operation called WrtHug is taking control of thousands of old ASUS routers. If you have an old router, this is worth looking into.

What is happening?​

WrtHug is targeting with ease aging ASUS routers that are at the end-of-life stage and are no longer getting updates for security fixes. The attackers are exploiting several known security vulnerabilities to infiltrate and take control of these routers.

How do the hackers get inside?​

Research has determined that at least six are being exploited in order to access and regain control of the routers. The vulnerabilities are:

• Command Injection vulnerabilities: CVE-2023-41345 through CVE-2023-41348
• Another significant Command: vulnerability, CVE-2023-39780
• Remote Command vulnerability: CVE-2024-12912
• Weak login control vulnerability: CVE-2025-2492

These routers are at the proper end of the life and are no longer receiving updates which makes it really easy for the hackers to enter the router and remain inside.

What do the hackers do to the router?​

After establishing control, they perform a few unusual actions:

• They install a fabricated SSL certificate for HTTPS that lasts 100 years, attorneys note. ASUS typically deploys a 10-year certificate - anything more raises suspicion that the router is hacked.
• Hackers normally do not change the firmware which keeps the router vulnerable. They could, if they so wish, add other hackers into the router by establishing other malware on routers' firmware.
• The hijacked routers have become part of a botnet - the hackers are now using that router to perform online attacks for their exploitation.

How many routers have been impacted?​

Research found nearly 50,000 routers compromised across the globe. Most of these routers are located in Taiwan.

Strangely, China appears to have none or almost zero, perhaps giving a clue as to is behind it.

Some of the ASUS routers impacted are:

• 4G-AC55U
• GT-AX11000
• RT-AC1200HP
• RT-AC1300UHP

What action should you take?​

Here are my recommendations:

• Upgrade your router firmware if ASUS still provides support for your model.
• If the router is end-of-life, replace the router, or at a minimum, disable remote access features on the router.
• Inspect your router settings for anything unfamiliar, such as a certificate that you do not recognize, or ports that you did not open.
• Use a strong password to log into your router.
• Ensure the admin page is not accessible from the internet.

Closing Remarks​

This WrtHug exploit highlights the dangers associated with older routers. In the past, I neglected to consider my routers warning lights for several weeks and learned through experience that routers need love too. If you utilize an older ASUS router, please inspect it today.