I have heard many stories about big and well known names having - for example - hard coded passwords or other (random or even seemingly intentional) vulnerabilities/backdoors...

(maybe in a little sarcastic way) I would say - find a company accused of being a national security treat, whose source code was for the long time shared with western security agencies but despite this fact no hard evidence was ever presented to the general public  They have the most to lose if they present some sloppy security practices or even intentional backdoors... 

or - as something more realistic - find hardware that can be flashed using alternative software (like openwrt), this way you are limiting your attack surface (as having something unfamiliar to the attacker) - at least as long as you patch it regularly and until it goes out of support (but usually alternative software supports the hardware long after the manufacturer decides to cease updating it)

Many have hard coded backdoors, monitoring or spies in silicon that firmware or software does not affect.

Many have hard coded backdoors, monitoring or spies in silicon that firmware or software does not affect.

In my opinion this is not common - most of them are basic [read - low cost] applications of SoCs made by big Taiwanese manufacturers (like Atheros or Mediatek), and if those are hardware backdoored we are all toast... For example, Mediatek chipsets are used in some TP-Link routers - and in more than twenty different manufacturer's hardware also (including Ubiquiti and Linksys [that was owned by Cisco some time ago]) according to the link below (and this is only about hardware compatible with OpenWRT)

https://openwrt.org/toh/views/toh_extended_all

And we know from the experience that backdooring something is a risky choice (even for government mandated access - like lawful intercept for the police), someone can discover the backdoor and then anyone would have access.

I think that bigger problem are ISP: I have for example an LTE router (not TP-Link), branded by one of cell phone operators which was selling them with their Internet plans. They have two versions of firmware - both of them customized with their logo, and both containing hardcoded (and well known) root password... Maybe the manufacturer has issued a firmware version without this vulnerability, but the operator is not providing it...

Different example - cable modem: end user cannot update it, operator updates it from the network side. End user doesn't know if the modem is patched or even still under active support... And nobody forces ISP to patch end-user equipment

That is a good reason to bring your own, not the free or location. My wireless phone provider was not happy to be unable to access my phone trough their network as usual with the phones they provide with doctored firmware or software.

Is it possible to replace the ISP "cable modem or optical fibre modem"?

My ISP`s optical fibre modem is a China Huawei!  

I criticize them very often! 

Huawei is a good worldwide spying operation.

and it seems that they are not even hiding this fact: