I have heard many stories about big and well known names having - for example - hard coded passwords or other (random or even seemingly intentional) vulnerabilities/backdoors...

(maybe in a little sarcastic way) I would say - find a company accused of being a national security treat, whose source code was for the long time shared with western security agencies but despite this fact no hard evidence was ever presented to the general public  They have the most to lose if they present some sloppy security practices or even intentional backdoors... 

or - as something more realistic - find hardware that can be flashed using alternative software (like openwrt), this way you are limiting your attack surface (as having something unfamiliar to the attacker) - at least as long as you patch it regularly and until it goes out of support (but usually alternative software supports the hardware long after the manufacturer decides to cease updating it)

Many have hard coded backdoors, monitoring or spies in silicon that firmware or software does not affect.

I got a Cisco ISR 1111 used for relatively cheap, and had no problems with it so far. It doesn't have 10Gig ports unfortunately though.

For a DIY option, ultra small form factor PCs (Lenovo's M720q Tiny for example) with a dual/quad PCIe network card, running OPNsense or VyOS work great.

Mikrotik has amazing hardware and software for super cheap, even when bought brand new, so that is a great choice as well. Some of them also have WiFi, so no need for a separate access point (hAP ax3 for example)

I have found cheap alternatives:

D-Link: made in Taiwan

MikroTik: made in Latvia (EU member)

Teltonika: made in Lithuania (EU member)

Should you need a cheap wireless routers, you may also consider their products.  I have a Mikrotik LTE router.  It is very compact and firmware is updated every few months.

My first home router is a D-Link.  Then, I used TP-Link wireless routers exclusively because of their cheap prices.  Now, it is time to change.

In my opinion this is not common - most of them are basic [read - low cost] applications of SoCs made by big Taiwanese manufacturers (like Atheros or Mediatek), and if those are hardware backdoored we are all toast... For example, Mediatek chipsets are used in some TP-Link routers - and in more than twenty different manufacturer's hardware also (including Ubiquiti and Linksys [that was owned by Cisco some time ago]) according to the link below (and this is only about hardware compatible with OpenWRT)

https://openwrt.org/toh/views/toh_extended_all

And we know from the experience that backdooring something is a risky choice (even for government mandated access - like lawful intercept for the police), someone can discover the backdoor and then anyone would have access.

I think that bigger problem are ISP: I have for example an LTE router (not TP-Link), branded by one of cell phone operators which was selling them with their Internet plans. They have two versions of firmware - both of them customized with their logo, and both containing hardcoded (and well known) root password... Maybe the manufacturer has issued a firmware version without this vulnerability, but the operator is not providing it...

Different example - cable modem: end user cannot update it, operator updates it from the network side. End user doesn't know if the modem is patched or even still under active support... And nobody forces ISP to patch end-user equipment

D-link isn't great, especially considering updates and fixing their horrible security, so I would avoid it.

Mikrotik seems to be the best option if buying new, they are easily available pretty much everywhere, and RouterOS is both very capable and often updated.

That is a good reason to bring your own, not the free or location. My wireless phone provider was not happy to be unable to access my phone trough their network as usual with the phones they provide with doctored firmware or software.

Regardless of the router's manufacturer, it is always worth checking if you can flash it with a custom ROM based on open software.

For example https://openwrt.org/ , https://dd-wrt.com/ and then also using firewalls such as https://opnsense.org/ , https://www.pfsense.org/ and considering DNS blocking services such as https://pi-hole.net/ 

It can become cumbersome to maintain, but it gives you a lot more control over what is coming and going on your network.

Open Source router software solutions have the advantage of many prying eyes making it extremely difficult to insert back doors in the code.

I worked for an ISP that purchased hardware from a vendor that had a static root level passwords. It took considerable paperwork for me to be authorized to have it. Once provided it was trust that ensured it wouldn't be released. Think, one static root password for a vendors entire product line. I shook my head and logged in.