They didn't show it but they did say the old routers share the same password. I can take that at face value, it's easy enough for a Lithuanian researcher to verify by asking a friend, I assume they did.
They say later models allow only pub keys but didn't go into more details. I would assume they all have the same keys in firmware if not shown otherwise.
Either way, the Telia CnC server would know all unique (if so) passwords or keys, so it may make little difference if exploited.
