Not the vuln you are looking for
"And once they're in those directories, it's party time because they can insert their own code and tell the web server to execute it."
Just because you can read, doesn't mean you can write or execute anything. Embedded devices often have partitioned filesystems so you would have very limited access to anything more critical and a reboot would clear most issues too.
OK, basic security errors often go together because a programmer with no clue will be responsible, but that doesn't automatically mean that directory traversal leads to code injection.