Routers are Linux computers, and their security provisions are part of their internal configuration. So they're not unprotected, but it's possible that some manufacturers' firmware has vulnerabilities which others don't. And of course, just like any other computer, the user can degrade the security by using weak (or non-existent) passwords and leaving the wireless network unsecured.