Vendors are making it easy, since most are interested in cramming features such as print, file and media servers into these boxes. Tripwire security researcher Craig Young walked away with nine different zero-days in Asus, Netgear, DLink, Belkin and Linksys routers. In all, 15 zero days were disclosed during the contest, including seven full router compromises and one exploit that could lead to corruption of an internal network. Vendors, meanwhile, are slow or sloppy at patching vulnerabilities.
Source: https://threatpost.com/easy-pickings-at-def-con-router-hacking-contest/107770/