I have a basic router for my home network: https://www.wavlink.com/en_us/product/WL-WN530HG4.html
The builtin management tools are surprisingly sufficient, I am able to configure DDNS, DMZ, Port forwarding, and automatic wifi channel switching.
I disabled WAN access to ping and to the management page which is clearly working well when I attempted accessing it from a hotspot on my Parrot OS laptop. (learn more about ParrotOS here)
Both the DDNS address and direct IP wouldn't allow any attacks from OWASP ZAP to get through:
Even the test I ran from internal (the router sees it as LAN even though I access it via WAN at quazmoz.hopto.org) didn't have many vulnerabilities and none of them were critical. However, I was a little bummed to see the vulnerability for clickjacking...
So far so good on the pen-test. Next up is to see how it handles direct attacks against the VPN and NextCloud