With the DirtyCow out on the wild, I decided to check if my route is part of the botnet that brought the internet down last week. My router is an "italian" tp-link TD-8961ND v3 that tiscalli served me, 4 years ago with a firmware from 2011!. Of course it was "locked", in the sense that it rejected any new firmware-images. In the end I managed to unlock and update it, not something fancy with JTAGs etc, but simply by setting the Certificate Authority from the "customer CA" to the "trendchip CA" with this command:
$ telnet 192.168.1.1
Connected to 192.168.1.1.
Escape character is '^]'.
Copyright (c) 2001 - 2015 TP-LINK TECHNOLOGIES CO., LTD.
TP-LINK> sys cwmp ca
usage:sys cwmp ca [0|1|2|display]
0: Use trendchip CA.
1: Use UNH CA.
2: Use Other Customer CA, You can download it.
display: Display the Customer's CA.
Current used CA is: 2.
TP-LINK> sys cwmp ca 0
Note that I had to apply firmware versions one-after-the-other - not go directly to the final one.