The decrypted file is still compressed, which is why it is mostly unintelligible. It starts off fairly readable, but rapidly becomes less readable, presumably due to how the compression algorithm builds up some dictionary or tree as it processes the input. Unique data might still be readable later in the file, if it didn't compress.
One of the original uses for the StatPOSTer program is to view settings, so everything that could go between the DeviceInfo tags in the config file can be viewed using the settings panel. Select IGD_DEV_INFO from the list in the Object box, and press the "Get value" button.
Using the shell, it should be possible to start the upnpd process, but there's probably a severe restriction on the length of the command line you can type in, so you would need to create a script or work around that limitation somehow.
Another limitation, if it's the same as older models, is that the telnetd process only allows one login at a time, so if you want more than one shell login, e.g. one to collect stats and another to generally look around, use the first shell to start another telnetd process on a different port.
It might be possible to get the same config file trick working with the VR900, although I think I'll need to add a further option to the program because the MIPS CPUs in the older models and the 9970 are big endian, but the ARM CPU in the VR900 is little endian.