So the vuln is in the web server on the router? How many home routers allow access to the web management server on the WAN interface? Most only allow access from the LAN side. So doesn't the presuppose that the attacker has access to your LAN? In which case you're already in trouble.
Or maybe I'm missing something because its lunch time at 2 hours before COB for the year.