That is *sometimes* the case, usually briefly, but more often than not, aftermarket firmwares are less stable. There are exceptions, and in most cases, I'd say they are equal in stability, with there being good and bad versions of each. Speaking of aftermarket Android firmwares, I'd *never* flash one of those on my phone. For a device that must remain secure, especially if used in 2 factor authentication, there's really only one option: stick with the secured, vendor firmware.
The thing with vendor firmwares is that they are based on template firmwares provided by the chipset manufacturer (e.g. Atheros, Qualcomm, Broadcom). The vendor can build a good line of firmwares by swapping out the drivers, and making minor tweaks, in most all cases. When they develop an entirely new line of routers, or switch to a different OS, they may need to do some reworking, but their work is always at the application layer. None of the vendors go and hack on the drivers that are provided by the chipset manufactuerers.
Since those chipset drivers are often closed source, and the open source community must try to re-create them, it ends up being the closed source drivers that are years ahead, and offer more stability and performance.
I've spent a lot of time thinking about this, and I'm truly convinced this is the way to go. We've spent years trying to create 'all in one' firmwares that don't rely on closed source drivers, but have mostly failed. They are perpetually 6 months, a year, or more behind on features and hardware support, and often don't ever get those features or hardware support.