This is an unfair lawsuit targeting a foreign corporation. If the FTC were consistent, they'd go after a majority of American tech companies (Cisco, juniper, MSFT..) with publicly known back doors into their technology.
Cisco seems pretty good about patching. There have been some controversial cases, but typically when I see Cisco exploits at a conference, it will start with, "If you haven't patched your routers to xx.xx.xx, do it now."
Do you have specific examples of holes that have existed for a long time without official patches or mitigation?
Flip this around. If Chinese regulators sued Cisco, Juniper, etc. for known vulnerabilities while deliberately omitting local companies, everyone would scream protectionism.
Router companies need to be security conscious, but for the FTC to single out ONE foreign company doesn't smell right.
Many of these backdoors were instigated by American information agencies. Would an American law enforcement agency be able to sue an American company for putting in backdoors at the insistence of an American governmental agency? It almost seems like a double-threat, where you are at risk for attack from law enforcement if you comply, but at risk for attack from the governmental agency if you do not.
If they have legal incorporation in the United States, it is fair game for the FTC to go after their US-based company for failure to protect US consumers. Don't want legal liability in the US for your business activity, don't incorporate in the US.
As long as your product is FCC certified, you're allowed to sell in the US. And if you sell in the US you can be subject to action from multiple federal agencies looking out for the end user, the FTC being one of them. Where you're incorporated has little to do with it.
Back to my point, singling out DLink when every other vendor has similar practices smells fishy.