I mean this is still a semi-bs response on your case, even if you don't realize it.

Many of these devices have security flaws that are horrific and out of best practices by over a decade.

Just having something like "Have a bonded 3rd party security team review the source code and running router software" would solve around 95% of the stupid things they do.