https://hackingpassion.com/tags/router-security/Recent content in Router-Security on HackingPassion.com : root@HackingPassion.com-[~]HugoenThu, 01 Jan 2026 15:17:00 +0100https://hackingpassion.com/rondodox-botnet-react2shell-exploit-shotgun/Thu, 01 Jan 2026 15:17:00 +0100https://hackingpassion.com/rondodox-botnet-react2shell-exploit-shotgun/<p>RondoDox added React2Shell to its arsenal. 90,000+ servers. 56 vulnerabilities. 30+ vendors. They call it the &ldquo;exploit-shotgun&rdquo; approach. Fire everything, see what hits. 😱</p> <p>Once inside, RondoDox doesn&rsquo;t just sit there. It launches DDoS attacks. Mines Monero. Turns infected devices into proxies to hide other attacks. And it breaks the tools needed to fight back.</p> <p>The botnet has been running for 9 months. Three distinct phases. March to April 2025 was reconnaissance. April to June was daily probing of WordPress, Drupal, Struts2, and IoT devices. July onward became hourly automated attacks at scale.</p>https://hackingpassion.com/asus-tplink-authentication-bypass-cve-2025/Sun, 16 Nov 2025 13:11:54 +0100https://hackingpassion.com/asus-tplink-authentication-bypass-cve-2025/<p>Your router protects your home network from the internet. Or it&rsquo;s supposed to. Two major vendors just proved it doesn&rsquo;t. 😅</p> <p>ASUS: CVE-2025-59367 (CVSS 9.3) TP-Link: CVE-2025-7850 + CVE-2025-7851 (CVSS 9.3 + 8.7)</p> <p>Both disclosed November 2025. Both critical. Both letting attackers walk right in.</p> <h2 id="asus-routers-no-password-required">ASUS routers: No password required.</h2> <p>The vulnerability affects ASUS DSL-AC51, DSL-N16, and DSL-AC750 routers. Authentication bypass.</p> <p>If your router&rsquo;s management interface is exposed to the internet, an attacker can connect remotely without any credentials. No username. No password. Direct admin access.</p>