This pretty much happens with any equipment. If it's very cheap there's no reasonable expectation that they put too much effort into building and maintaining it. If it's expensive there may be other interests involved.
The difference is what your nationalism dictates: When you hear of a Huawei vulnerability you think "spying", and when you hear of a Cisco one (or five [0]) you think "bug". In the end the choice is to buy cheap and have all the careless bugs, or to buy expensive and only have the by design ones. And whether you think they are malicious or not depends on where you come from relative to the product.
Or the semi-third option; firewall the living hell out of everything with something you either wrote yourself or can read yourself. No guarantee there either but you can avoid the garbage fire that is a lot of this. I'm sure the NSA has exploits for everything tho.
And that third option is only technically available to at most 10 percent of the population, and most of them have neither the time ("day jobs") nor inclination to spend their time in that effort. And that is discounting the fact that the majority of the buggy appliances you encounter are developed by that very 10 percent in the first place.
This pretty much happens with any equipment. If it's very cheap there's no reasonable expectation that they put too much effort into building and maintaining it. If it's expensive there may be other interests involved.
The difference is what your nationalism dictates: When you hear of a Huawei vulnerability you think "spying", and when you hear of a Cisco one (or five [0]) you think "bug". In the end the choice is to buy cheap and have all the careless bugs, or to buy expensive and only have the by design ones. And whether you think they are malicious or not depends on where you come from relative to the product.
[0] https://www.tomshardware.com/news/cisco-backdoor-hardcoded-a...