Looking around my house, embedded devices with USB: Toshiba DVD, Sony Blu-ray, D-link Boxee box, Sharp TV (labeled service), Sharp Blu-ray, ASUS wireless N router, Cisco PIX firewall (built with BSD afaik), Chumby alarm clock, Samsung Android phone, LG Android phone (Android not running in host mode though, afaik), LG feature phone (probably not linux?), and a TiVo in a box in the attic.

I'm not an embedded developer. I agree these won't be built with the full range of default kernel drivers. Perhaps when I said a "broad range" I should have said something like "quite a few". Never the less, most of these devices will be built with a variety of usb storage drivers since that's the purpose of the usb port. I know for a fact that the Sony Blu-ray contains an impressive number of wireless lan drivers in addition to the storage drivers. The Chumby contains a variety including serial and wired lan. The ASUS router supports many mass storage options as well as parallel and serial printer support. The boxee box is reported to even include mouse and keyboard support as well as mass storage support, and I'd wager they left a lot more than that on.

Which isn't to say that any of these devices have this driver built in, I simply don't know. My point was more to raise the issue of what happens when a bug is discovered that affects one or more of these devices - many of which have a pretty large local attack surface. The answer is generally it stays vulnerable until you replace it, with the less similar it is to a PC the more likely that is to be true.

I wouldn't bet on many of these devices having stack smashing protection turned on. Look at how few linux distros have it turned on by default.