We can know that the problem with new routers is in hardware - the certification process is based mainly on hardware requirements, besides, software can be updated, as the OpenWrt folks have proved.
We can also know that whatever problem exists in new routers, it's a big one. The NSA usually keeps these kind of vulnerabilities to themselves, for exploitation later. See the Vault 7 and Shadowbrokers leaks. There must be such huge hardware vulns that the NSA is certain the vulns will leak or be discovered.