Germany's Fraunhofer Institute for Communication (FKIE) has carried out a study involving 127 home routers from seven brands to check for the presence of known security vulnerabilities in the latest firmware. The results are appalling.
The FKIE study found that 46 routers hadn't got a single security update within the past year and that many routers are affected by hundreds of known vulnerabilities.
FKIE assessed that ASUS and Netgear do a better job on some aspects of securing routers than D-Link, Linksys, TP-Link and Zyxel, but it argues the industry needs to do more to secure home routers. In the worst cases of devices FKIE assessed, the routers hadn't been updated for more than five years.
About 90% of the routers in the study used a Linux operating system. However, manufacturers weren't updating the OS with fixes made available from Linux kernel maintainers.
Glad to say I run an ASUS router and I get updates about every second month and install them.
See Home router warning: They're riddled with known flaws and run ancient, unpatched Linux | ZDNet
And there are no routers in the study from the Fraunhofer Institute without known security flaws.