Netgear was told in January its routers can be hacked and hijacked. This week, first patches released – after exploits, details made public

RM Myers


"Grimm: publishing an in-depth advisory showing how to exploit the holes, and released full, working proof-of-concept exploit code".

I feel really conflicted about this. Yes, Netgear should have patched their routers. But how many home users update the firmware even when an update is available? I'm on my 4th router, and none have ever had a process to notify me that an update was available, let alone actually automate the updating. I have made it a habit to check Asus's website on patch Tuesday (my current router is from Asus), but does anyone really believe more than 10% of people ever check for updated firmware, if the router is still working?

Given that reality, why publish exploit code so any jackass with time on their hands can hack people's networks? Until we have processes in place to make router (and other internet-connected IoT devices) updating simple and a common practice, this seems like nothing more than showboating which hurts security, rather than helping. Free advertising for Grimm, but hardly a benefit to security.


