It’s not FW specific that they target, it’s testing CVE’s on whatever FW they have to hand.Aren't you talking "in general"? I am asking why specificly 6.20 was chosen (for searching vulnerabilities)? Why not another FW?
The fact TJ’s badhoist works on 6.20 is a way in, a starting point. And we know it doesn’t work above 6.20 as it’s been tried.