
How Often Should You Replace Your Router? The Security Signs We Look For on Every Job

Forget the 'every 3–5 years' rule. Here's the field checklist we run on a client's router before replacing it — plus what 4 years of fleet data says about how long networking gear actually lasts.

Nandor Katai
Founder & IT Consultant

In June 2026, a botnet called AryStinger compromised more than 4,300 outdated routers — devices that still worked fine, still served Wi-Fi, and whose owners had no idea anything was wrong. That's the practical risk of an aging router: it rarely tells you it's become a problem.

We get asked "how often should I replace my router?" constantly, and the honest answer isn't a number. Across a fleet of 538 networking devices we've tracked for four years, the real annual replacement rate was 0.74% — properly supported gear lasts a long time. A neglected consumer router is a different story. So instead of a calendar rule, here's the checklist we actually run on a client's existing router before we decide whether it stays or goes — and the specific security signs that move it from "fine for now" to "replacement is recommended."

Affiliate Disclosure: This article contains affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you.

The Real Answer Isn't a Number (It's a Checklist)

Replace your router when it no longer receives firmware updates, cannot meet your internet speed, lacks modern Wi-Fi security (WPA3), or shows recurring instability. Age alone is not a sufficient reason — support status and observed behavior are what matter.

Search "how often should you replace your router" and you'll get the same answer everywhere: every three to five years. It's a simple rule, but it doesn't reflect how routers actually fail or become a liability.

Age alone tells you almost nothing about whether a router is a liability. We've seen eight-year-old devices running current firmware with zero issues, and we've pulled two-year-old consumer routers off networks because the manufacturer abandoned them six months after launch. The calendar is the wrong tool for this decision.

What actually matters is support status and behavior — is the device still receiving security patches, and is it still performing the job it was bought to do? Those are the signals we evaluate on every site visit, and they're what we'll walk through in this article.

If you're unsure whether your device is a router, a modem, or both, our modem vs. router explainer covers the distinction in two minutes. For everyone else, let's get into what actually triggers a replacement.

Why an Old Router Is a Security Liability (Not Just Slow)

Most people think of an aging router as a speed problem. It's not. The real issue is security — and the mechanism is straightforward.

Every router runs firmware, and firmware contains vulnerabilities. When a manufacturer actively supports a device, they patch those vulnerabilities as they're discovered. When they stop — and every consumer router eventually reaches end-of-life — those vulnerabilities stay open permanently. Automated scanning campaigns know this. They target specific chipsets and firmware versions that will never be patched, because those devices represent a reliable attack surface that won't be fixed.

This isn't theoretical. In June 2026, researchers at QiAnXin's XLab documented a botnet called AryStinger that had compromised at least 4,300 outdated routers — primarily D-Link DIR-850L and DIR-818LW models built on Realtek RTL819X chipsets from 2012–2015. The malware exploited vulnerabilities disclosed as far back as 2013 (CVE-2013-3307, CVE-2016-5681) that these end-of-life devices will never patch. Once infected, each router became a remotely controlled proxy node: scanning other networks, tunneling malicious traffic, and tampering with the owner's DNS to redirect browsing to phishing pages.

A separate Go-based variant targets NAS devices through a QNAP vulnerability (CVE-2025-11837), and the infection count is still rising.

End-of-Support Means Permanently Exposed

Once a router's manufacturer stops issuing firmware updates, known vulnerabilities in that device remain open permanently. No configuration change fixes this. A router that still passes traffic is not the same as a router that is safe to trust. End-of-support status is the single strongest signal that replacement should be planned, not deferred.

The FCC's March 2026 decision to block new equipment authorizations for foreign-produced consumer routers adds regulatory pressure in the same direction. While the rule doesn't affect routers already purchased or previously authorized, it signals that the government views unsupported consumer network hardware as a national security concern — and it narrows future replacement options for certain brands.

The Field Checklist: Signs It's Time to Replace

This is the checklist we run on a client's existing router before recommending action. Six signals, each with a clear verdict: replace the device, or remediate and keep it.

| Signal | What It Means | Verdict |
|---|---|---|
| Firmware end-of-support | Manufacturer no longer issues patches. Known CVEs will never be fixed. | Replace — no remediation possible |
| Default or unchanged admin credentials | Anyone with the manual (or a search engine) can access the admin panel. | Remediate — change immediately; replace if the device doesn't support strong passwords |
| No WPA3 support | Wireless encryption is limited to WPA2 or older. WPA2-Personal with a weak passphrase is vulnerable to offline brute-force attacks (WPA2-Enterprise is less affected). | Plan replacement — WPA3 cannot be added via firmware to hardware that lacks it. For business networks, this is a medium-term upgrade priority. |
| UPnP or remote admin enabled | Exposes internal services to the internet. UPnP lets any device on the LAN punch holes in the firewall with no authentication. | Remediate — disable both; replace if the firmware doesn't allow disabling them |
| Throughput below internet plan | The router's WAN port or processing can't keep up with what you're paying for. A 100 Mbps router on a 500 Mbps plan wastes money every month. | Replace — hardware limitation, not configurable |
| Instability / disconnect pattern | Frequent reboots, dropped connections, or the "works fine after a restart" cycle. This is often thermal degradation or flash memory wear preceding hardware failure. | Replace — this pattern typically accelerates rather than resolving on its own |

Replacement urgency: three signals mean replace; three can often be fixed

The decision is not the router's age. It is whether the problem is a support or hardware limit.

  • Firmware end-of-support: known vulnerabilities will not be patched. Verdict: Replace.
  • Throughput below plan: WAN port or CPU cannot keep up. Verdict: Replace.
  • Recurring instability: reboots and dropouts point to failure. Verdict: Replace.
  • No WPA3 support: plan the upgrade, especially for business use. Verdict: Plan.
  • UPnP or remote admin: disable both if the firmware allows it. Verdict: Fix.
  • Default credentials: change immediately and verify access controls. Verdict: Fix.

If the issue is missing support, missing hardware capability, or physical instability, configuration changes only delay the replacement.

What this looks like on real jobs

A dental office in Coral Gables called us about intermittent VoIP drops during patient calls. The router was a consumer TP-Link Archer from 2019 — still technically working, but its last firmware update was 18 months prior and UPnP was wide open. The VoIP issue was a symptom of the router silently rebooting under load. We replaced it with a managed gateway and the drops stopped immediately.

A four-person law firm in Brickell had a Netgear Nighthawk that was five years old. Firmware: current. Credentials: changed. WPA3: supported. Throughput: matched their 300 Mbps plan. Verdict: keep it. Age alone wasn't a reason to spend money. We disabled UPnP, verified remote admin was off, and moved on.

A property management company was running 12 cameras on a consumer router rated for 30 simultaneous devices. The router wasn't end-of-life, but it was throttling to 40% of their 1 Gbps plan because its processor couldn't handle the traffic. Firmware fixes wouldn't add CPU cores. Replace.

The pattern is consistent: end-of-support and throughput bottlenecks are always "replace." Everything else, try remediation first.
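The checklist and the three jobs above can be written down as a small triage routine. This is an added example, not code from the article or its author: the field names, the `triage` function and the rule that the device verdict is the most severe single finding are assumptions, and the sample inputs are constructed from the job descriptions, with unstated values assumed.

```python
from dataclasses import dataclass

SEVERITY = {"keep": 0, "remediate": 1, "plan": 2, "replace": 3}

@dataclass
class RouterFacts:
    """What gets recorded on site (hypothetical field names)."""
    vendor_supported: bool         # model still receives firmware patches
    default_credentials: bool      # admin login never changed
    accepts_strong_password: bool
    wpa3: bool
    upnp_or_remote_admin: bool     # either service currently enabled
    can_disable_services: bool     # firmware has a switch for both
    measured_mbps: int             # throughput measured through the router
    plan_mbps: int                 # speed of the internet plan
    unstable: bool                 # reboots or dropouts under load

def triage(r: RouterFacts):
    """Return (overall verdict, {signal: verdict}) following the checklist table."""
    f = {}
    if not r.vendor_supported:
        f["firmware end-of-support"] = "replace"
    if r.default_credentials:
        # Remediation only works if the device accepts a strong password.
        f["default credentials"] = "remediate" if r.accepts_strong_password else "replace"
    if not r.wpa3:
        f["no WPA3"] = "plan"
    if r.upnp_or_remote_admin:
        # Falls through to replace when the firmware cannot turn them off.
        f["UPnP/remote admin"] = "remediate" if r.can_disable_services else "replace"
    if r.measured_mbps < r.plan_mbps:
        f["throughput below plan"] = "replace"
    if r.unstable:
        f["instability"] = "replace"
    # Assumption: the device verdict is the most severe single finding.
    overall = max(f.values(), key=SEVERITY.get, default="keep")
    return overall, f

# Constructed inputs modelled on the three jobs above; values the article
# does not state (for example the dental office's WPA3 support) are assumed.
DENTAL = RouterFacts(True, False, True, True, True, True, 300, 300, True)
LAW_FIRM = RouterFacts(True, False, True, True, True, True, 300, 300, False)
PROPERTY = RouterFacts(True, False, True, True, False, True, 400, 1000, False)

if __name__ == "__main__":
    for name, facts in (("dental", DENTAL), ("law firm", LAW_FIRM), ("property", PROPERTY)):
        print(name, *triage(facts))
```

The law-firm input returns "remediate" rather than "replace": once UPnP is switched off, the same router triages as "keep", which matches the verdict given for that job.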

How Long Should a Router Actually Last? (What Our Fleet Data Shows)

The honest answer depends entirely on whether the device is maintained and supported.

For consumer gear, manufacturer support windows vary but are often shorter than people expect. NETGEAR's published policy, for example, provides security patches for three years after the last sale date — not the launch date. Once a model is discontinued from retail, the clock is already running. Other brands are similar or less transparent. That doesn't mean the hardware dies on that date — it means the security clock starts ticking the moment patches stop, and a router that "still works" after its end-of-support date is functioning hardware with a growing list of unpatched vulnerabilities.

For properly maintained, business-grade equipment, the numbers look very different.

What 4 Years of Fleet Data Shows

Across 538 UniFi networking devices we've tracked over four years in commercial environments — gateways, switches, and access points — the annual replacement rate was 0.74% and core network uptime was 99.99%. The gear that gets replaced is almost always due to capacity upgrades, not failure.

That 0.74% figure is not aspirational. It's what happens when devices receive regular firmware updates, are monitored for anomalies, and aren't asked to do more than they're rated for.

Methodology: Fleet data covers 538 UniFi gateways, switches, and access points monitored across commercial sites in South Florida from 2022 to 2026. Replacement rate includes all hardware swaps (failure and capacity upgrades). Core uptime excludes ISP and power outages outside our control. The full breakdown is in our 4-year fleet reliability report.

The takeaway isn't "buy expensive gear." It's this: supported and maintained networking equipment lasts far longer than the 3–5 year rule suggests. Unsupported gear carries increasing risk regardless of age. The dividing line is support status, not the date on the receipt.

Router lifecycle: the replacement clock starts when support stops

A router can keep routing long after it stops being safe to trust.

  1. Current (patched firmware): Updates still arrive and automatic updates are enabled.
  2. Stable (rated capacity): WAN speed, device count, and Wi-Fi security still match the job.
  3. Watch (feature gap): WPA3, monitoring, or management needs are starting to outgrow it.
  4. Replace (support ends): New vulnerabilities become permanent exposure.
  5. Urgent (failure pattern): Reboots, heat, or throttling are already affecting the network.

Annual support checks matter more than calendar age. A supported router may last years; an unsupported one is already past the security line.

Before You Replace: What You Can Fix Today

Not every aging router needs to be replaced tomorrow. If your device still receives firmware updates, these steps genuinely reduce your exposure:

  1. Update firmware now. Log into the admin panel and check for pending updates. If auto-update is available, enable it. Our guide to setting up automatic updates across every device walks through this for major router brands.

  2. Change default admin credentials. If the login is still admin / admin or admin / password, fix it before doing anything else. Use a unique, strong password — this is the single easiest attack vector to close.

  3. Disable UPnP. It's enabled by default on most consumer routers and it's almost never needed for normal use. It allows any device on your network to open firewall ports without your knowledge.

  4. Disable remote administration. If you don't manage the router from outside your network (most people don't), turn off WAN-side management access entirely.

  5. Disable WPS (Wi-Fi Protected Setup). WPS has known brute-force vulnerabilities and is rarely needed after initial device setup. Turn it off.

  6. Enable WPA3 or WPA2/WPA3 Transitional. If your router supports it, switch to WPA3 Personal or WPA2/WPA3 Transitional mode (which maintains compatibility with older devices). If WPA3 isn't available, WPA2 Personal with AES and a strong, unique passphrase is acceptable — but plan for a replacement that supports current standards.

These steps genuinely reduce exposure. But be clear about what they cannot fix:

  • They cannot patch vulnerabilities in firmware that is no longer being updated.
  • They cannot add WPA3 to hardware that lacks the chipset support.
  • They cannot make a 100 Mbps router handle a 500 Mbps connection.
  • They cannot reverse thermal degradation causing random reboots.

If your router is end-of-support, remediation buys you time to plan a replacement — it doesn't remove the need for one.

When Replacement Is the Right Call — and What to Replace It With

Once you've confirmed a "replace" verdict from the checklist above, the next question is what to replace it with. We map recommendations by situation, not by budget.

Prices checked June 2026 on store.ui.com. Ubiquiti pricing varies by storage configuration and availability.

| Situation | What We Recommend | Why |
|---|---|---|
| Home user / solo professional | UniFi Cloud Gateway Ultra ($129) | Full IDS/IPS, automatic updates, proper firewall — at a price point that makes continued use of an unsupported router difficult to justify. 1 Gbps IPS throughput, 2.5 GbE WAN. |
| Small office (2–15 people) | UniFi Cloud Gateway Max (from $199; $279 with 512 GB storage) | Our default business recommendation. Five 2.5G ports, 2.3 Gbps IPS throughput, optional built-in NVR storage. This is what we actually install on most small-office jobs because it handles growth without bottlenecking. |
| Security-conscious SMB | UniFi Dream Machine Pro Max ($599) | Full 10G backbone, 5 Gbps IPS routing, 200+ device support, redundant NVR storage. For businesses where a breach has regulatory or contractual consequences. See our full gateway comparison. |

For a detailed head-to-head on the two most common picks, see our Cloud Gateway Ultra vs. UCG Max comparison. And if you want to see the complete kit we deploy on a typical small-business install — switches, access points, and all — the network gear contractors actually buy article covers the full stack.

For businesses with specific compliance requirements (healthcare, legal, finance), a dedicated firewall appliance may be appropriate alongside or instead of an all-in-one gateway.

The key principle: don't replace a neglected consumer router with another consumer router. If the old one failed the checklist, the replacement should be something that receives long-term firmware support, allows you to disable insecure services by default, and gives you visibility into what's happening on your network.

A Simple Replacement Rhythm Going Forward

You don't need a calendar reminder to replace your router every X years. You need a shorter, simpler habit:

Once a year, check whether your router's manufacturer still lists your model as actively supported. If firmware updates have stopped, start planning a replacement. If any of the six "replace" signals from the checklist above appear at any time, act then — don't wait for the annual check.

The goal is never to chase the newest hardware. It's to ensure the device sitting between your network and the internet is still being patched, still performing its job, and not operating as compromised infrastructure.

For a broader look at your network's security posture beyond just the router, our small-business network security audit guide covers the full checklist we use on site assessments.


Frequently Asked Questions

There's no fixed calendar rule. Replace it when the manufacturer stops issuing firmware updates, when its throughput falls below your internet plan, or when it shows the instability that precedes failure. Plan replacement when it lacks WPA3 support, especially on business networks. Properly supported gear can last well beyond the common 3–5 year guideline.

Yes, once it stops receiving firmware updates. Known vulnerabilities never get patched, and automated campaigns actively scan for and conscript unsupported routers — as the 2026 AryStinger botnet did with thousands of legacy devices.

Check the manufacturer's support page for your exact model and hardware revision. If the latest firmware is more than a year or two old, or the model is listed as end-of-life, it is no longer being patched.

Temporarily, if it still gets firmware updates and you change default credentials, enable WPA3, and disable UPnP and remote administration. If it's out of support, those steps reduce but don't remove the risk — replacement is the only real fix.


Nandor Katai

Founder & IT Consultant | iFeeltech · 20+ years in IT and cybersecurity


Nandor founded iFeeltech in 2003 and has spent over two decades implementing network infrastructure, cybersecurity, and managed IT solutions for Miami businesses. He writes from direct field experience — recommendations on this site reflect tools and configurations he has deployed or evaluated for small business environments. He is also the creator of Valydex, a free NIST CSF 2.0 cybersecurity assessment platform.