Using its own analytical software, the Fraunhofer Institute tested the most recently available firmware for 117 home Wi-Fi models currently sold in Europe, including routers from ASUS, D-Link, Linksys, Netgear, TP-Link, Zyxel and the small German brand AVM. The models themselves were not physically tested. A full list of the tested models and firmware is on GitHub. The institute was not able to examine the firmware of 10 more models, mostly from Linksys. The report notes (PDF) that many firmware updates are issued without fixing known flaws.
So what can you do? You can make sure that the next router you buy automatically installs firmware updates. You can check to see whether your current router does so, or makes it fairly easy to install firmware updates manually. You should also make sure that the administrative password for your router has been changed from the factory default password. (Check the list of default passwords at https://www.routerpasswords.com.) You should also check its administrative interface to make sure that UPnP and remote access are disabled. And if your router was first released more than 5 years ago, consider buying a newer model unless it meets all of the above criteria. Alternatively, you could try to "flash" your older router to run more secure open-source router firmware such as OpenWrt, DD-WRT or Tomato.
Slashdot story
Fraunhofer report 2020
