Well if the hackers have root password on the cpe nat gateway the macbook probably is at risk to a mitm, those gateways have iptables probably after all. Plus when youve got a gateway you can do things like screw with the network time to invalidate hsts certificates or inject so many rules firefox forgets the old one and you can mitm with a new https certificate!
You missed the fact that the cpe nat gateway according to the article limited that root access to a particular non-routed IP. So, first you've got to hack that machine at Telia.
Edit: Also: Why is all of the technical discussion on this topic at the bottom of the page?