Comment by LoganDark

That was a botnet, which is entirely different type of threat (i.e. not baked into the silicon by its manufacturer). Most botnets out there have at some point in their life been used for DDoS, that's one of the most common reasons to have one. (Another common reason is for use as residential proxies, for personal or web scraping use.) Botnets are usually entirely irrelevant though, nobody really jumped to accuse TP-LINK of being a national security threat when those botnets were discovered. I'm pretty sure there was even someone using the exploit to try to patch the vulnerability in as many routers as possible as a courtesy.