So you need access to the router first with enough power to force a firmware update. What would surprise me is if there are vendors immune from this kind of APT. Given the money and talent invested in those hacks, bricking a whole cargo container of router doesn't seem out of reach, dissolving it in acid or other potentially destructive reverse engineering.
If they own the vendor source code then it is even easier, but the mere fact that it is a router/firewall and not an off the shelf Dell pc is of little importance.
If they own the vendor source code then it is even easier, but the mere fact that it is a router/firewall and not an off the shelf Dell pc is of little importance.