ASUS router users should pay attention. Our SOC started seeing an old vulnerability, CVE-2014-9583, originating from 179.219.203[.]40. End users should stay vigilant.
Recently there have been a large number of attacks on network routers since ISPs seem to forget that the default passwords need to be changed. We have seen large botnets forming and being used in some very large attacks. While most ASUS-brand routers have probably been patched against this threat, it is probably a good idea to make sure your router is not vulnerable and, if it is, obtain new firmware that you know is clean and reflash your devices.
This is a very old and well-known exploit, so we were surprised to see this type of activity against a customer's router, as we have not seen this type of attack since late 2016.
common.c in infosvr in ASUS WRT firmware 18.104.22.168.376_1071, 22.214.171.1246.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.
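One way to look for this activity in your own perimeter logs is shown below. It is an added example, not code from this post or from ASUS, and it flags UDP packets to port 9999 that came from outside the LAN. It assumes iptables-style `KEY=value` log lines and an RFC 1918 internal network; the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

INFOSVR_PORT = "9999"  # UDP port named in the CVE description
# Assumption: the protected LAN uses RFC 1918 space; adjust to your network.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs of the LOG target

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
Jan 10 03:12:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.1 LEN=540 PROTO=UDP SPT=40112 DPT=9999 LEN=520
Jan 10 03:12:04 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.1 LEN=540 PROTO=UDP SPT=40113 DPT=9999 LEN=520
Jan 10 03:15:40 gw kernel: IN=br0 OUT= SRC=192.168.1.50 DST=192.168.1.1 LEN=540 PROTO=UDP SPT=9999 DPT=9999 LEN=520
Jan 10 03:20:11 gw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=51000 DPT=9999
Jan 10 03:20:12 gw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.168.1.1 LEN=71 PROTO=UDP SPT=51001 DPT=53 LEN=51
Jan 10 03:20:15 gw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.168.1.1 LEN=540 PROTO=UDP SPT=51002 DPT=9999 LEN=520
Jan 10 03:21:00 gw kernel: truncated SRC=not-an-ip PROTO=UDP DPT=9999
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on garbage
    return any(ip in net for net in INTERNAL_NETS)

def find_infosvr_probes(log_text):
    """Count external-to-internal UDP/9999 packets per (source, destination)."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields.get("PROTO") != "UDP" or fields.get("DPT") != INFOSVR_PORT:
            continue
        try:
            external_src = not is_internal(fields["SRC"])
            internal_dst = is_internal(fields["DST"])
        except (KeyError, ValueError):
            continue  # malformed or truncated line
        # LAN-to-LAN traffic on this port is skipped; only packets that
        # crossed the WAN boundary toward an internal device are reported.
        if external_src and internal_dst:
            hits[(fields["SRC"], fields["DST"])] += 1
    return hits

if __name__ == "__main__":
    for (src, dst), count in find_infosvr_probes(SAMPLE_LOG).most_common():
        print(f"{src} -> {dst}: {count} UDP/9999 packet(s) from outside")
```

Any hit means UDP port 9999 on an internal device was reachable from the WAN side, which is worth blocking at the perimeter regardless of firmware version.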