A new study by the American Consumer Institute (ACI) finds that five out of six routers sold in the US for small office/home office (SOHO) use go without proper updates, leaving them open to cyberattack.

ACI found an average of 172 vulnerabilities per router. Overall, the total number of known vulnerabilities found in the sample amounted to 32,003. Among the identified flaws, 28 percent were deemed to be high-risk or critical. The Wi-Fi routers came from not just one or two vendors, but 14.

As ZDNet reports, ACI points to open-source libraries as one of the main issues responsible for the security flaws in router firmware.

Also to blame: “The lack of auto-update mechanisms keeps many of these devices in a vulnerable state, or until a user is reminded to update the firmware, usually after a major router hacking spree, such as the emergence of the Mirai and VPNFilter malware strains.”

Since small and midsize businesses often do not have as robust a security infrastructure as enterprises, they can be easy targets. But enterprises should also be aware, given the prevalence of remote workers. Being vigilant about updating firmware can avert cybersecurity incidents. Fortunately, some vendors have included auto-update mechanisms in more recent routers, according to ZDNet.

Get the full story at ZDNet.