You can always take the thing apart with a screw driver and look on the inside. If it's software based, reflash the firmware after you buy it. Best case scenario the firmware is open source and you build it from a trusted machine. If it's closed source, verify signatures with the manufacturer. Then reverse engineer the firmware until every behavior is uncovered. If there is hidden hardware at work, then monitor it as a black box. Sniff all traffic coming in and going out of the router and analyze the traffic from a trusted machine. Run a virtualized router with the firmware and simulate its intended behavior. If there is a difference, hi-light it and investigate the real traffic yourself. Create your own server that pretends to be the home that was phoned. Study it like a rat in a lab.