Null problem! Or: the dangers of an invisible byte

This write-up analyzes CVE-2021-32030 (an authentication bypass on ASUS GT-AC2900 routers) and shows how publicly shared PoCs and scanning tools used the literal string "\0" instead of an actual NUL byte, producing mass but ineffective scanning activity; honeypots recorded hundreds of thousands of malformed attempts and no confirmed successful exploit attempts.