I guess this is yet another reason not to rely on firewalls and outdated notions of "internal" and "external" networks for any kind of real security.
Increasingly, it seems that firewalls are doing less to improve actual security, while continuing to hinder legitimate network connectivity and the deployment of new protocols.
I think you're conflating firewalls and NAT. The idea of "internal" and "external" networks still apply in a non-NAT environment but what takes some getting used to is that with full end-to-end connectivity, you're back to an implicit "default-allow" policy where NAT created an implicit "default deny". The answer is to have a default deny firewall rule on your border router (your home gateway appliance), and then allow services as needed.
The use of the vulnerability to repair the vulnerability is very cool. I've done some related work, which may be of interest when one wants to patch a bad binary on the router (instead of simply removing a bad binary as done in this article).
http://eschulte.github.io/netgear-repair/pub/netgear-repair....
It's about liability, the possibility of failure, and touching stuff that isn't yours. If someone does write such a program, it better be thoroughly peer reviewed. That said, I'd prefer to have a bricked router than one with a backdoor...
No, but I have a fairly uncommon router (not ISP supplied) so I was curious if it also had a backdoor. It doesn't respond on LAN so it seems my DrayTek Vigor 2750N is backdoor-free for now...
Increasingly, it seems that firewalls are doing less to improve actual security, while continuing to hinder legitimate network connectivity and the deployment of new protocols.