RondoDox Botnet: From Zero to 174 Exploited Vulnerabilities
Essential information
- Published
- 11/03/2026 15:49
- Modified
- 16/03/2026 09:52
- Tags
- 2026-03-11 botnet ddos iot rondodox vulnerability exploitation xmrig
- Related entities
- 12 vulnerabilities (cve), 29 observables, 1 intrusion sets (apt), 16 techniques (mitre), 2 malware, 1 others
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (12)
Hewlett Packard Enterprise (HPE) OneView contains a code injection vulnerability that allows a remote unauthenticated user to perform remote code execution.
- Attack vector
- Network
- Published
- 16/12/2025
- Modified
- 16/03/2026
Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code …
- Attack vector
- Network
- Published
- 14/07/2025
- Modified
- 16/03/2026
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to …
- Attack vector
- Network
- Published
- 10/06/2025
- Modified
- 21/12/2025
A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute …
- Attack vector
- Adjacent network
- Published
- 11/07/2025
- Modified
- 16/03/2026
Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code …
- Attack vector
- Network
- Published
- 14/05/2025
- Modified
- 14/01/2026
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 …
- Attack vector
- Network
- Published
- 27/05/2025
- Modified
- 16/03/2026
Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. …
- Attack vector
- Network
- Published
- 19/09/2025
- Modified
- 16/03/2026
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code …
- Attack vector
- Network
- Published
- 28/07/2025
- Modified
- 21/12/2025
Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to …
- Attack vector
- Network
- Published
- 02/11/2023
- Modified
- 21/12/2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …
- Attack vector
- Network
- Published
- 05/12/2025
- Modified
- 29/05/2026
Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via …
- Published
- 16/03/2026
- Modified
- 16/03/2026
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary …
- Attack vector
- Network
- Published
- 30/10/2025
- Modified
- 28/01/2026
Observables (29)
- 45.8.145.203
- 192.253.248.5
- 192.183.232.142
- 45.135.194.32
- 45.135.194.34
- 192.159.99.95
- 45.135.194.11
- 99.241.94.234
- 78.153.149.90
- 45.125.66.100
- 23.228.188.126
- 45.153.34.156
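A practitioner consuming this report usually turns the observables above into a detection straight away. The script below is an added example and is not code from the report or from its source feed: it copies the twelve IP observables listed above into a set, scans constructed sample log lines (an nginx-style access log and a firewall connection log, invented here for illustration) and returns every line that touches an IOC. The request path /goform/SetIPTVCfg in the first sample line is taken from the Tenda AC6 entry above; the addresses 10.0.0.7 and 140.82.112.3 are assumed benign placeholders.

```python
import ipaddress
import re
from collections import Counter

# The 12 IP observables listed in the report above (copied from the page).
RONDODOX_IOC_IPS = {
    "45.8.145.203", "192.253.248.5", "192.183.232.142", "45.135.194.32",
    "45.135.194.34", "192.159.99.95", "45.135.194.11", "99.241.94.234",
    "78.153.149.90", "45.125.66.100", "23.228.188.126", "45.153.34.156",
}

# Constructed sample log lines (not from the report): two nginx-style access
# lines, two firewall-style connection lines. 10.0.0.7 and 140.82.112.3 are
# assumed benign placeholders; /goform/SetIPTVCfg is the Tenda AC6 endpoint
# named in the vulnerability list above.
SAMPLE_LOGS = """\
45.135.194.32 - - [11/Mar/2026:10:02:14 +0000] "POST /goform/SetIPTVCfg HTTP/1.1" 200 17 "-" "curl/8.4.0"
10.0.0.7 - - [11/Mar/2026:10:02:20 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
Mar 11 10:03:01 fw kernel: OUTBOUND src=10.0.0.7 dst=45.8.145.203 proto=TCP dpt=8443
Mar 11 10:03:05 fw kernel: OUTBOUND src=10.0.0.7 dst=140.82.112.3 proto=TCP dpt=443
"""

# Loose dotted-quad pattern; real validation happens in extract_ips().
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_ips(line):
    """Return every syntactically valid IPv4 address found in a log line."""
    found = []
    for candidate in IPV4_RE.findall(line):
        try:
            ipaddress.IPv4Address(candidate)  # rejects octets > 255, e.g. 999.1.1.1
        except ValueError:
            continue
        found.append(candidate)
    return found


def scan_logs(text, iocs=RONDODOX_IOC_IPS):
    """Return [(line_number, matched_ip, line), ...] for lines touching an IOC.

    Matching is done on every address in the line (source or destination), so
    both inbound exploitation attempts and outbound C2/download traffic are caught.
    """
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        for ip in extract_ips(line):
            if ip in iocs:
                hits.append((number, ip, line))
    return hits


def summarize(hits):
    """Count hits per IOC so an analyst can prioritise the noisiest addresses."""
    return Counter(ip for _, ip, _ in hits)


if __name__ == "__main__":
    matches = scan_logs(SAMPLE_LOGS)
    for number, ip, line in matches:
        print(f"line {number}: IOC {ip} -> {line}")
    print("per-IOC counts:", dict(summarize(matches)))
```

Feed real logs through `scan_logs()` by reading the file into `text`; exact-match on the published addresses is deliberate, since widening to CIDR ranges around a botnet's hosting would generate false positives on shared infrastructure.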
Intrusion sets (APT) (1)
- AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 (both dates are platform default placeholders, not observed activity)
Techniques (MITRE) (16)
- Windows Management Instrumentation (T1047)
- Valid Accounts (T1078)
- Tool (T1588.002)
- Network Denial of Service (T1498)
- Launchctl (T1569.001)
- Non-Standard Port (T1571)
- Encrypted Channel (T1573)
- Resource Hijacking (T1496)
- Protocol Tunneling (T1572)
- Exploit Public-Facing Application (T1190)
- Ingress Tool Transfer (T1105)
- Unix Shell (T1059.004)
Others (1)
- x1337.cc