Mr 2
It's a bug, nothing else. and yes, it should be fixed.
In older firmwares you find plenty of bugs, and sometimes you do find something you can exploit without be logged in. Like bashis exploit.
But calling something like this as "exploit" that you already need to be root to execute (i.e. you know login and password for root) to utilise, is wrong "advertising". When you ARE root, you have everything in your hands, and you can do whatever you would like to. Nothing stops you. Not even remote connect back shell. It's up to your imagination.
It's complete nonsense to call this as "hack" or even "vulnerability", it's nothing more then regular "stolen" root account. Yes, there exist a bug, but utilise the bug, you need to be root. Thats the key - root!
IF you was regular user (let's say 'n00b'), login as 'n00b', and gain 'root' privileges with this so called "exploit", i would agree with the report - but as it's now, no.. i do not. It's no exploit nor hack.