by hathym 2192 days ago
Why is this a big deal since you can exploit the vulnerability only when you are connected to the local network? (I've seen some of these exploits used to replace the installed firmware with openwrt)
1 comment

In general, this is not a safe assumption to make -- for example, due to DNS Rebinding attacks.

The article also mentions that the exploit is working remotely:

> As the vulnerability occurs before the Cross-Site Request Forgery (CSRF) token is checked, this exploit can also be served via a CSRF attack. If a user with a vulnerable router browses to a malicious website, that website could exploit the user’s router. The developed exploit demonstrates this ability by serving an html page which sends an AJAX request containing the exploit to the target device.

Also, if you're replacing the firmware, the new firmware can create an outgoing root shell to a destination of your choice. There's no internal limitation here.
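The two defences the reply points at, as an added example that is not part of this thread or the article it quotes: a router-style settings handler that rejects DNS-rebinding requests on the Host header and checks the CSRF token before the request body is ever parsed, so a parser bug of the kind described cannot be reached cross-site. The allowed hosts, session token and sample requests are constructed for illustration.

```python
"""Defensive request handling for an embedded web UI: reject DNS-rebinding
requests by Host header and check the CSRF token before touching the body."""
import hmac

# Constructed values standing in for the router's own addresses and a session.
ALLOWED_HOSTS = {"192.168.1.1", "router.local"}
SESSION_CSRF_TOKEN = "c0ffee-constructed-token"


def parse_body(body: str) -> dict:
    """Parse 'key=value&key=value' form data.

    In the vulnerable router the article describes, this stage was reached
    before any CSRF check; here it runs only after both checks pass."""
    fields = {}
    for pair in body.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        fields[key] = value
    return fields


def handle_request(headers: dict, body: str) -> tuple:
    """Return an (HTTP status, reason) pair for a POST to a settings endpoint."""
    # 1. DNS rebinding defence: the browser still sends the attacker's hostname
    #    in Host even after that name has been re-pointed at the router's LAN IP.
    host = headers.get("Host", "").split(":")[0]
    if host not in ALLOWED_HOSTS:
        return 421, "host not recognised (possible DNS rebinding)"
    # 2. CSRF defence, evaluated BEFORE the body is parsed, so a bug in the
    #    parser cannot be triggered by a cross-site request.
    token = headers.get("X-CSRF-Token", "")
    if not hmac.compare_digest(token, SESSION_CSRF_TOKEN):
        return 403, "missing or invalid CSRF token"
    # 3. Only now is untrusted input handed to the parser.
    fields = parse_body(body)
    return 200, "applied %d setting(s)" % len(fields)


# Constructed requests illustrating the three cases.
REBINDING_REQUEST = ({"Host": "evil.example", "X-CSRF-Token": SESSION_CSRF_TOKEN}, "ssid=x")
CSRF_REQUEST = ({"Host": "192.168.1.1"}, "ssid=x&password=y")
LEGIT_REQUEST = ({"Host": "192.168.1.1:80", "X-CSRF-Token": SESSION_CSRF_TOKEN}, "ssid=x&password=y")

if __name__ == "__main__":
    for name, (hdrs, data) in [("rebinding", REBINDING_REQUEST),
                               ("csrf", CSRF_REQUEST), ("legit", LEGIT_REQUEST)]:
        print(name, handle_request(hdrs, data))
```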