I hate that every time a vulnerability is posted, someone has to argue about whether the bounty is high enough. It’s always followed by, "blah blah, they're pushing whitehats to sell it on the black market."
Vulnerabilities will always sell for more on the black market because there’s an added cost for asking people to do immoral and likely illegal things. Comparing the two is meaningless.
To give a straightforward answer: no, I don’t think $20k is underpaid. The severity of a bug isn't based on how it could theoretically affect people but on how it actually does. There's no evidence this is even in the wild, and based on the description, it seems complicated to exploit for attacks.