[cjbprime]

In general, this is not a safe assumption to make -- for example, due to DNS Rebinding attacks.

The article also mentions that the exploit is working remotely:

> As the vulnerability occurs before the Cross-Site Request Forgery (CSRF) token is checked, this exploit can also be served via a CSRF attack. If a user with a vulnerable router browses to a malicious website, that website could exploit the user’s router. The developed exploit demonstrates this ability by serving an html page which sends an AJAX request containing the exploit to the target device.

Also, if you're replacing the firmware, the new firmware can create an outgoing root shell to a destination of your choice. There's no internal limitation here.