Cunaplus_m.faba/Getty Images Until your router reaches its end of life (EOL), the manufacturer will offer regular firmware updates. If you don’t update it, the network may start to misbehave over time. Problems you’ll notice include slower internet speeds, devices disconnecting randomly (or not connecting at all), reduced compatibility with devices using newer Wi-Fi standards, or the router starting to overheat. But probably the worst part about not updating your router is that it becomes an easy target for hackers who know how to exploit vulnerabilities in old firmware. For example, in April 2026, the FBI issued a warning that a Russian military hacker group called GRU (also known as APT28, Fancy Bear, and Forest Blizzard) had taken control of vulnerable routers, including TP-Link EOL routers, and modified their DNS and DHCP settings to allow them to steal sensitive information from individuals and organizations. In 2025, SecurityScorecard released a report on Operation WrtHug, a large-scale hacking operation in which more than 50,000 ASUS EOL routers in the United States, Taiwan, and Russia were used to spy on people and organizations around the world. The FBI says updating your router’s firmware is one of the best defenses against these hacks. Also, do not use the router’s default username and password, and if your router has reached EOL status, you need to upgrade it. The Bureau also advised you to disable remote management interfaces on your router to prevent anyone outside of your home network from accessing your home network. The Security Risk of a Router That Never Updates Nialowwa/Shutterstock Hackers will always find new ways to bypass router security, which is why manufacturers stay on top of things by regularly releasing firmware updates to their routers. A common security vulnerability patched with firmware updates is remote code execution (RCE), where the hacker takes control of the router and executes malicious code on it. This code can often steal sensitive information, install malware, or add the router to a botnet. An example is CVE-2025-9377, which is a type of RCE that exploits a vulnerability in the parental controls page of two TP-Link EOL routers: Archer C7 and TL-WR841N/D. Another common attack is an authentication bypass attack, which exploits a flaw in the router’s firmware to bypass the need for login credentials. Netgear issued a warning in 2024 that some of its routers, such as RAX35, RAX38, and RAX40, were affected by this vulnerability. Users were at risk when a hacker obtained their Wi-Fi password or connected to a device on their network using an Ethernet cable. These are just two examples, but in both cases the manufacturer had to release a firmware update to fix it. TP-Link was forced to do this even though it had stopped supporting routers. They then advised their customers to upgrade to supported routers next. Generally, it is recommended to upgrade your router every three to five years. Should you enable automatic updates or update your router manually? SOLDATOOFF/Shutterstock Modern routers usually have automatic updates enabled. It works by downloading the update during the day and then installing it at night when you’re sleeping, so you don’t experience any downtime. Perhaps the biggest benefit of automatic updates is that they ensure that you don’t forget to update your router, meaning it will always have the latest firmware when it becomes available. The biggest downside is that you may experience bugs from day one if the manufacturer pushes out a faulty update. But if you’re the set-it-and-forget-it type, keep automatic updates or enable them if they’re disabled. Manual updates, on the other hand, ensure that you have full control over the firmware update process. You can effectively eliminate the inconvenience caused by downtime (for example, if you work or play online late at night and the router decides to update). This also means you have time to see how an update works in the wild before applying it to your router, avoiding the frustrating bugs it can introduce. Manual updates are ideal if you are a remote worker, gamer, or power user who can keep up with updates, such as by checking notifications in the router’s app or admin panel and installing them when available. But you run the risk of forgetting or becoming bored with updates, missing a critical update that fixes a vulnerability in response to a new threat. Post navigation PSA for ’90s Kids: Your Old Film Camera Is Popular Again in 2026 5 Times It Pays to Save the Box Your Electronics Came in
Cunaplus_m.faba/Getty Images Until your router reaches its end of life (EOL), the manufacturer will offer regular firmware updates. If you don’t update it, the network may start to misbehave over time. Problems you’ll notice include slower internet speeds, devices disconnecting randomly (or not connecting at all), reduced compatibility with devices using newer Wi-Fi standards, or the router starting to overheat. But probably the worst part about not updating your router is that it becomes an easy target for hackers who know how to exploit vulnerabilities in old firmware. For example, in April 2026, the FBI issued a warning that a Russian military hacker group called GRU (also known as APT28, Fancy Bear, and Forest Blizzard) had taken control of vulnerable routers, including TP-Link EOL routers, and modified their DNS and DHCP settings to allow them to steal sensitive information from individuals and organizations. In 2025, SecurityScorecard released a report on Operation WrtHug, a large-scale hacking operation in which more than 50,000 ASUS EOL routers in the United States, Taiwan, and Russia were used to spy on people and organizations around the world. The FBI says updating your router’s firmware is one of the best defenses against these hacks. Also, do not use the router’s default username and password, and if your router has reached EOL status, you need to upgrade it. The Bureau also advised you to disable remote management interfaces on your router to prevent anyone outside of your home network from accessing your home network. The Security Risk of a Router That Never Updates Nialowwa/Shutterstock Hackers will always find new ways to bypass router security, which is why manufacturers stay on top of things by regularly releasing firmware updates to their routers. A common security vulnerability patched with firmware updates is remote code execution (RCE), where the hacker takes control of the router and executes malicious code on it. This code can often steal sensitive information, install malware, or add the router to a botnet. An example is CVE-2025-9377, which is a type of RCE that exploits a vulnerability in the parental controls page of two TP-Link EOL routers: Archer C7 and TL-WR841N/D. Another common attack is an authentication bypass attack, which exploits a flaw in the router’s firmware to bypass the need for login credentials. Netgear issued a warning in 2024 that some of its routers, such as RAX35, RAX38, and RAX40, were affected by this vulnerability. Users were at risk when a hacker obtained their Wi-Fi password or connected to a device on their network using an Ethernet cable. These are just two examples, but in both cases the manufacturer had to release a firmware update to fix it. TP-Link was forced to do this even though it had stopped supporting routers. They then advised their customers to upgrade to supported routers next. Generally, it is recommended to upgrade your router every three to five years. Should you enable automatic updates or update your router manually? SOLDATOOFF/Shutterstock Modern routers usually have automatic updates enabled. It works by downloading the update during the day and then installing it at night when you’re sleeping, so you don’t experience any downtime. Perhaps the biggest benefit of automatic updates is that they ensure that you don’t forget to update your router, meaning it will always have the latest firmware when it becomes available. The biggest downside is that you may experience bugs from day one if the manufacturer pushes out a faulty update. But if you’re the set-it-and-forget-it type, keep automatic updates or enable them if they’re disabled. Manual updates, on the other hand, ensure that you have full control over the firmware update process. You can effectively eliminate the inconvenience caused by downtime (for example, if you work or play online late at night and the router decides to update). This also means you have time to see how an update works in the wild before applying it to your router, avoiding the frustrating bugs it can introduce. Manual updates are ideal if you are a remote worker, gamer, or power user who can keep up with updates, such as by checking notifications in the router’s app or admin panel and installing them when available. But you run the risk of forgetting or becoming bored with updates, missing a critical update that fixes a vulnerability in response to a new threat.
