I got the same 'congratulations...' and the same '0 exploitable'. It didn't warn me about identifying uPNP, but I have it disabled, so I suppose that's OK
I don't have any specific concerns over uPNP (though there have been in the past), it's just that I strive to have no firewall ports at all open on thevrouter. To fulfill that goal, I need to prevent any software apps fom opening firewall ports without my knowledge, even the reasons for doing so are valid.