When Security Devices are Exploitable

I can't resist connecting this bit of info from "Security and Attack Surfaces of Modern Applications"

(Via Gunnar Peterson)
So, today’s Firewall is:
  • A Multi-Protocol parsing engine
  • Written in C
  • Running in Kernel space
  • Allowed full corporate network access
  • Holding cryptographic key material
…and still considered a security device?
With "Stealth Router-based Botnet Discovered" (via Cybersec).
...the first known botnet based on exploiting consumer network devices, such as home routers and cable/dsl modems.
When security devices are exploitable…