From TFA: "When the Wi-Fi is on, the gun’s network has a default password that allows anyone within Wi-Fi range to connect to it. From there, a hacker can treat the gun as a server and access APIs to alter key variables in its targeting application. (The hacker pair were only able to find those changeable variables by dissecting one of their two rifles and using an eMMC reader to copy data from the computer’s flash storage with wires they clipped onto its circuit board pins.)"
So, it's a remote exploit in that you can do it if you're within Wi-Fi range (and the gun has it's Wi-Fi turned on), and they had to do some work to find what settings they could change via the API. Seems like a cromulent hack to me.