Comment Only concerns ISP-specific models (Score 2, Insightful) 66
Past research has shown that the security of ISP-provided routers is often worse than that of off-the-shelf ones. Many such devices are configured for remote administration to allow ISPs to remotely update their settings or troubleshoot connection problems. This exposes the routers’ management interfaces along with any vulnerabilities in them to the Internet, increasing the risk of exploitation.
So, in other words, these models were specifically made for and distributed by an ISP, and were not off-the-shelf models. The backdoors were there for the ISP managers. For 99% of network users out there, these vulnerabilities are of no practical concern.