There's evidence strongly suggesting that - for example - Juniper Network's use of the NSA's backdoorable Dual EC random number generator in their VPN hardware is an intentional US backdoor. Not only is Dual EC slower, more complex, less random, and worse in every possible way except for the fact that it allows for a backdoor that can only be accessed by the person who has the matching private key to its public key, they also introduced a bunch of other changes at the same time across several levels of their software stack to make this exploitable in practice: https://eprint.iacr.org/2016/376.pdf
On top of that, when an attacker broke into Juniper's systems and replaced that public key with their own, they simply changed it back without fixing the "bug" introduced at the same time as Dual EC which meant the countermeasures that they'd claimed prevented this attack never actually ran. (They moved the index variable of their existing PRNG function, which was meant to post-process the Dual EC output, from a local to a global, overwrote it in the Dual EC code so the other PRNG never ran, used the same output buffer for both, and added a hidden on-by-default setting which ran the Dual EC code on every PRNG call. The whole thing stunk.)
I don't think anyone has found anything even remotely comparable to this smoking gun in Huawei's hardware and software.
How do you compare this with Cisco's similar situation and repeated hardcoding of backdoor passwords that they swear are just accidental despite having a decade of time in which they should have figured out to stop doing it?
https://www.channelnews.com.au/huawei-more-vulnerable-to-sec...
https://www.crn.com/news/security/british-watchdog-finds-ser...
https://fortiguard.com/zeroday/FG-VD-18-017
https://www.schneier.com/blog/archives/2019/03/nsa-inspired_...
https://www.huawei.com/en/psirt/security-advisories/huawei-s...
https://www.cvedetails.com/vulnerability-list/vendor_id-5979...