An unpatched router can be hijacked, if the attacker is on the same network.
Several models of Asus' routers are vulnerable to an attack that leaves little for non-technical users to protect themselves until a fix is issued.
Security researcher Joshua Drake published an advisory
warning that "all known firmware versions for applicable routers (RT-AC66U, RT-N66U, etc.) are assumed vulnerable."
The bug allows an attacker on the same network to take full administrative control of the router without the need for a password. The only known fix is to disable the troublesome infosvr
service by killing the process when the affected device boots. That has to be performed each time the device restarts.