This article makes it sound like the sky is falling but it's not. In order to actually exploit CVE-2019-1862, you need to be an <i>authenticated</i> user with access to the Web UI. Typically management of a router isn't exposed to the whole Internet.
The article makes it sound like just one router is affected (ASR 1001-X), but that's just one model in one line of Cisco routers, and they all appear to be vulnerable: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot" rel="nofollow">https://tools.cisco.com/security/center/content/CiscoSecurit...</a>
Do you think these security defects are really bugs or are back-doors left in for the state security apparatus? Who or what department is tasked with testing Cisco devices for security vulnerabilities. I mean didn't anyone test the devices for potential remote root access and the ability to bypass the Trust Anchor? Lastly I don't know how an internet router can be not connected to the Internet and still function?