The Broadcom UPnP flaw that was discovered is NOT an issue with the chips themselves but with an implementation of UPnP made by Broadcom.
For example, Tomato firmware (which only works with Broadcom chips) is not vulnerable to the Broadcom UPnP exploit as it uses a different library (miniupnpd).
Also see: svn.dd-wrt.com/browser/s ··· c/upnp.c