I don't think ~4.5MB for a kernel is way too big, especially if initramfs included.
If you're seeing DHCP6 and can ping it, I would say it's at least getting u-boot. But that doesn't really solve the serial port issue.
If you were seeing your key presses in your serial log, then you were probing RX and not TX. You need to capture on pin 4 TX.
Without any console access it's hard to say what's happening. U-boot may be trying to load the Kernel from an incorrect address, or not even trying to load the Kernel, or the Kernel could be booting and then going into a panic for any number of reasons.
Curious to see what happens if you try setting your IP address to 10.10.10.3 and connect to the ethernet port on your device. Can you try that along with some wireshark captures?
It's possible the root filesystem was destroyed during the firmware update process. If the 3.5MB of flash space after the kernel really is supposed to be for the filesystem, then something is definitely not correct because there's only 11K of data in that entire area. Also, I would expect to see a signature for at least some form of compression, gzip, lzma, squashfs, but there's nothing there. Unfortunately the stock firmware updates only seem to include the kernel itself. I suppose the root filesystem could be stored someplace else, ie on a different flash device, but that's not very common.
I don't think the offset's are incorrect. Looking at the flash layout and comparing it to your flash dump it looks like a match. The problem I see is that you're missing u-boot parameters. 0x0 - 0x1000 should be uboot parameters, the environmental config I was talking about earlier. If these aren't present then uboot should fall back to whatever it was compiled with as far as I know. 0x1000-0x2000 is reserved, and 0x2000-0x6000 is the WLAN0 config, which looks like a match for what is in your flash dump.
The RF config looks like a match as well, however your flash dump seems to be missing RF 1 parameter, could that be part of the problem too?
True, things might not match the SDK exactly. We are looking at the manual for 4.3.0.0 and the u-boot version from your flash dump is from 4.0.1.0 so there have most likely been changes, but so far things seem to mostly correlate to what is in the SDK user's manual. It is true though that we are ignorant of any changes that Linksys might have made (patches, mods etc...) to the SDK when the firmware was built.