A great many types of vulnerability-by-design in consumer routers have been public for a rather long time: Linksys, MikroTik, NETGEAR, TP-Link, and other vendors, have — for the entire history of this product type — been selling boxes that are, essentially, public toilets, free for the remote taking by any reasonably-intelligent teenager.
It appears that this "news" has finally percolated down through the drains and into the dark cellars where USG gendarmerie dwell. As part of their regular work to force the replacement of systems containing old, burned NSA-authored vulnerabilities, with new and fresh ones — USG.FBI have recently turned their attention to consumer routers.
The lively petri dish of self-propagating shitware now commonly known to be dwelling in the NSA victims' home routers, has been officially blamed on Putin's omnipotent DNC-diddling brigade. Respectable, non-terrorist USG subjects will, presumably, be issued new, "clean" routers, in the nearest future.
The burning of these vulnerabilities was handled by having "researchers" affiliated with Cisco unveil the presence of a botnet populated by ~500,000 small routers commandeered by an artful piece of malware which persists across device reboots (archived). Meanwhile, Cisco continues having its own profound and self-inflicted security issues.