> There is no clear connection between Huawei and Xiongmai.
If Xiongmai firmware runs on HiSilicon SoCs, there must be some kind of connection, even if just via a third party that paid HiSilicon for the hardware and Xiongmai to write the firmware for it. Unfortunately, the writeup doesn't clearly identify who that could be.
This argument proves too much. By this reasoning, "Qualcomm-owned Cisco" is "injecting backdoors" into their chips as well.[1]
The real title of the article is "0day vulnerability (backdoor) in firmware for HiSilicon-based DVRs, NVRs and IP cameras" and the word Huawei doesn't even appear in it.
If OP wants to claim that Huawei are involved, maybe they should write their own article. :/
CISCO has not only a long history of creating backdoors, but have also been marketing them as features. They even wrote an IETF proposal (RFC 2804) for a LI backdoor:
Edit: Schneier wrote in 2018: "We don't know if this is error or deliberate action, but five backdoors have been discovered [in CISCO] already this year." and linking to this article: https://www.tomshardware.com/news/cisco-backdoor-hardcoded-a... (the final count went up to 7 actual backdoors discovered in 2018.
If Xiongmai firmware runs on HiSilicon SoCs, there must be some kind of connection, even if just via a third party that paid HiSilicon for the hardware and Xiongmai to write the firmware for it. Unfortunately, the writeup doesn't clearly identify who that could be.