It was just reported by Ars Tecchnica that there is a massive router hack that affected 45,000 routers. The hackers used the EthernalBlue (a NSA tool) to hack the routers. The attack target routers UPnP (universal plug and play). I suggest that everyone should turn off UPnP unless you really need it. I you think you need it you can still turn it off and see if it breaks anything and if all is well leave it off.
Another thing too turn off on routers is the WPS function. I did a test on my test router with WPS turned on and with a good password for the router’s WiFi. I ran a penetration test using Kali and was able to hack the router in 12 seconds.