A nearly decade-old vulnerability in Asus routers has been exploited by operators of the RondoDox botnet, allowing for remote code execution as a root user without authentication. The flaw, which dates back to 2018, was first observed being exploited on May 17 by VulnCheck1. This marks the first known instance of this particular vulnerability being leveraged by attackers. The fact that a nearly decade-old flaw remains exploitable highlights the ongoing challenge of securing router firmware and the importance of regular updates. The RondoDox botnet's ability to capitalize on this weakness underscores the need for robust security measures, including prompt patching and secure configuration of network devices. This incident matters to security practitioners because it demonstrates how known vulnerabilities can still be exploited years after their discovery, emphasizing the need for vigilant monitoring and maintenance of network infrastructure.