Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi router

I'm wondering how it is that there can be such differences in the versions of dnsmasq in various models firmware. I have an R6400 (v1) which uses dnsmasq version 2.15 (released in 2004) in it's latest and it appears in all firmware ever released for this model. How does a router model released in 2015 get firmware compiled using such incredibily outdated source? Why do I see older models with newer versions? WTF is the dev process here? There are older routers listed that use far newer versions but I'm not sure any of Netgears use anything post 2.78 yet. In fact it seems that Netgear is actively ignoring this verified and published CVE from over half a year ago. There's another thread where a mod (who I just called out in a personal message) closed right away claiming it to be a false positive. There are other routers of other brands where ludicrous responses are given on this CVE as well. Honestly I don't care at this point if it is a false (it's not), I'm fed up with the handling and dev of firmware in general. Digging so deep into this has really exposed to me the ludicrous manner in which Netgear devs compile firmware. All open sources like dnsmasq should be based on the latest (stable) versions. I'm getting pretty PO'd about this whole thing. 20+ years a Netgear relationship as a customer and before that Bay. Maybe the real solution here is I go to dd-wrt on this particular unit. I'm surely at this point not going to be purchasing another or in my consultant capacity pushing any Netgear hardware, period.