"We are unsure how the attackers managed to infect the router devices with their malicious implant. It is likely that they gained access to these devices by either scanning them for known vulnerabilities or targeting devices that used default or weak and easily guessable passwords for authentication"

This implies the opposite of "the CCP has a backdoor to every device". Vulnerable devices from all manufacturers get exploited like this all the time.