So the only people vulnerable to this are folks running cheap NAS or ADSL boxes that have Linux firmware but for which the vendor never bothers to issue patches.
So that would be just about everyone then. :(
The general public really needs to learn the difference between free as in beer and free as in speech. Perhaps we need to maintain a list of vendors (of the above items) who have a track record of providing patches for their products (through auto-update, coz otherwise it won't happen on Joe User's box) for a period of at least five years (for want of a "lifetime" estimate). I'm guessing it won't be a long list at first, but in the long term it needs to include everyone.