All the routers firmwares I've dumped so far, memorizes the wifi password as cleartext (or encoded, but it's basically cleartext).
Is it normal? Or actually for less cheap router there are other solutions to prevent this?
Can this be considered a vulnerability?
The WiFi password needs to be shared with all devices that connect to the AP. Which means it is not a tightly held secret. For home routers, the password is often written right on the device itself. In public areas, it's written on the wall. Some mobile devices even let you share the wifi password across all your devices.
So, then why should it be stored encrypted in the router? You would need to have physical access to the router to "extract the password" or if you somehow exploited a vulnerability remotely, you still need to get physically close to access the network.
Adding strong security to the password in such a situation doesn't make sense. The risk equation doesn't add up when there are weaker areas of security.
If you want tight control over who/what has access, then you use certificate-based authentication.
So, no, this is not a vulnerability.
When assessing risk, or wondering if something is a vulnerability, make sure to consider the context and the operating environment. It makes no sense to use a TPM and rotating encryption keys to protect something you are going to write on the cafe wall for everyone to see.
Not a vulnerability
A PSK mode (PreSharedKey), which is the one here there is "a WiFi password", needs both parties to know the "password", since it is used for deriving the communication secrets. Note that this is different from normal websites, where the server authenticates its identity using the PKI (on their https certificate), the client provides their credentials in plain,¹ and the server then only needs to verify them.
Depending on the methods supported/enabled, the AP might store instead a secret derived from the password, not the password itself, such as the PBKDF2 stated in Annex J. However, this won't work with certain modes, such as WEP or, as mentioned by user71659, WPA3-SAE. Plus, if you implemented that (on the restrictive configuration where it's possible), you would need to start requiring the password for seemingly unrelated operations, such as enabling WEP or changing the SSID.
Not to mention 'features' such as showing the password on the router administrative interface or through WPS. Moreover, all of this would be significantly more effort to code for very little benefit, as the password would still need to be stored in many paths.
¹ Technically, they could do mutual authentication, but it's very uncommon.
It has to be available as plaintext in order to communicate with other local devices etc.
However it should not be stored as unobfuscated plaintext, since if it were disposed of ("ewaste") or sold in that state it would reveal credentials which the former owner was quite possibly continuing to use.
Q: Is this a vulnerability?
A: Of course it is! (It is also necessary).
Q: Is this a vulnerability worth worrying about?
A: Probably not. Dumping should be protected by an administration password and your physical security. (But those, you should worry about. I.e. set the admin password securely, and put the router in access controlled space.)
As others have pointed out, disposal runs a risk if you reuse the password. Depending on your security model, this may require incinerating the device.
