
Huawei's equipment will almost assuredly run anyone's spyware. Huawei uses a medley of ancient, highly vulnerable OpenSSL libraries sprinkled through their basestation code, and apparently they've forgone any kind of version control to ensure an optimally confusing work environment for their development teams: https://hmgstrategy.com/resource-center/articles/2019/04/04/...

Frankly, these products are likely unmaintainable long term without a total refactoring of the codebase, never mind the abject lack of security.

The trick with these vendors is the codebase will never see serious improvement, as these basestations aren't going to be sold for the next decade, so Huawei will do the bare minimum and shelve support in short order.



Huawei's software development practices seem quite horrifying. Critical systems like these ideally would be written in specially-designed programming languages that support mathematically proving correctness (Coq comes to mind). There's probably still room in the programming language design field to create new languages that are user-friendly but also integrate Coq-like systems plus other verifiability and correctness techniques into the language itself.


If you find that horrifying, don't look at Cisco CVEs ;)


Or Juniper's constant flow of new CVEs, they are a popular alternative to Cisco that many ISPs use heavily :P

Network security is piss poor; most of these vendors add vulnerabilities atop secure distros (OpenWRT, Debian, etc.) and flog it as the best thing since sliced bread.



