Routers and access points are also typically separate device classes. Yet the market has figured out that most consumers prefer all-in-one devices. Expecting households to run dedicated firewalls besides their AiO wifi-routers is ludicrous.

What firewall do you recommend a typical user couple their ER7212PC (which BTW is already tripling as VPN gateway and cloud-controller) with?

The problem is that TP-link does not give two cents to security in their products.

> And no, I'm not being pedantic

You very much are.

Are you suggesting that people should buy both a router and a firewall for their home networks? I suppose they should buy a separate Wi-Fi AP as well, and a switch or two, in your opinion?

You are of course correct, but most people will disagree because the world we live in is a lot messier than what we should do and people expect a base line. You have to remember that people rely on IPv4 NATing for security, despite every network engineer knowing that is it is not - in effect it is.

'firewall' is just a colloquial term for packet filtering, which is a term for a class of functionality that could be provided by a router.

Customer edge routers are expected to contain firewall (see RFC 7084 and RFC 6092).

People expect their router to act as a firewall too, via NAT. If you take this away and force people to buy an additional piece of hardware to restore the expected functionality, they won't switch. Simple as that.