The main difference is that closed source software is not auditable, so when it is compromised you don't know.

It's safe to assume pretty much all the firmware you're running is vulnerable. It doesn't matter though, because you cannot find out.

The attackers can. You can't. And that's why we still have botnets.