Old routers are being hijacked into botnets — checking yours takes two minutes
Home routers had a rough 2026. Mirai variants and the Quad7 botnet spent the year mass-infecting internet-facing routers, turning them into launch pads for attacks and quietly routing criminal traffic through home connections. Several waves specifically targeted TP-Link models, and the maker confirmed some affected devices are end-of-life and will never be patched.
The pattern is always the same: a router that has not had a firmware update in years, exposed to the internet, running a known vulnerability. It keeps working fine for you, so nobody notices it has been compromised.
What to do: sign in to your router (usually 192.168.0.1 or 192.168.1.1), find the firmware or update section, and install the latest version. Change the default admin password while you are there. If the maker says your model is end-of-life — no more updates — the honest answer is to replace it; a modern router costs little next to a compromised home network.
Tendvane's Network scan lists every device on your network with its vendor and open services, so you can spot your router (and anything else you do not recognise) and see what is reachable. It is the quickest way to take inventory before you log in and patch.