Many routers left with default passwords
In addition to defective firmware or software, many routers are compromised because users fail to change the default passwords. Most Biz oriented routers have true hardware firewalls unlike consumer grade routers which rely on (poor) software for security. Many of the consumer grade routers never even get proper firmware updates to block known malware so the problems are just amplified with every new malware.