Several ASUS routers include a service that listens on UDP broadcast port 9999 on the LAN interface and contains an unauthenticated command execution flaw. Vulnerable devices include RT-AC66U, RT-N66U and many others. Vulnerability resides in a block of code related to the processPacket function, which invoked after receiving a packet of INFO_PDU_LENGTH (512) bytes. Expert recommends to remove the remote command execution function from the vulnerable service to protect the routers.”]
Source: http://securityaffairs.co/wordpress/31982/hacking/asus-router-firmware-flaw.html