What kind of rights or permissions does a USB dongle have when plugged into the router?
For example, say you plug in a LTE dongle from Huawei, you just never know what backdoors there might be hidden. Is it possible for them to have code executed with root privileges as soon as its plugged in?
Assuming using v19.07.7
you do realize most electronics are made in China, right ?
yeah.. but what do you mean?
If you're implying that the routers are also made in China and that they might have backdoors too.. how would the routers have backdoors if you flash them with OpenWRT?
Otherwise please clarify what you mean from the questions i have asked in the original post.
Point is, why only worry about Huawei (you did however say others too)?
All brands make their electronics in china, what makes Huawei any special ?
And why does it have to be a router ? Anything with internet access (and a lot of things without) could be snooping and/or have a back door.
I mentioned the brand Huawei, because most of the USB 3G/LTE dongles out there come from them.
But was wondering about what kind of rights or permissions does a USB dongle have when plugged into the router? and if its possible for code execution as root user as soon as plugged in?
possible - sure
doable - probably
probable - doubt it, to much $$$ at stake, if you get caught
@include1, welcome to the community!
You asked about USB dongles that you don't flash, not regarding a device that you changed its firmware (and could see its source code if you chose).
If you're honestly concerned that a USB dongle that provides your Internet is malicious, it won't really matter if it executes anything on the device itself. 
Let me rephrase. Say you bought a Huawei 3G/LTE dongle, and you plug it in your openwrt router for internet. By default, what permissions/rights does that USB device have? Does it have root:root ?
If you do:
ls -la /dev/bus/usb/
you get something like:
drwxr-xr-x 2 root root 80 Jan 1 1970 001
drwxr-xr-x 2 root root 60 Jan 1 1970 002
Does this mean that the USB device or ANY USB device has root rights to run a malicious code??
Hmm, it is not about the internet provider. Its about trusting the USB device. As the internet provider has nothing to do with the device itself, obviously.
I think I understood the first time; but thanks for more clarification. No USB drivers whatsoever are installed by default in most OpenWrt devices. It should do nothing...in some devices, it won't even get power at that point of insertion.
root would be the user that could access the deviceI'm also referring to the device, not the provider.
Really (then how does it connect to their towers 
)...well if you believe that, then you should have no worries! 
Hope this helps.
Dongles do not execute code on your router. The kernel drivers (provided by OpenWrt) communicate with the dongle by a binary protocol.
A dongle can of course intercept your Internet usage and "call home" to the manufacturer or any other site. The overall concept of OpenWrt or any router is to consider everything on the wan side of the firewall to be un-trustworthy.
I understand your sarcasm here...but tell me what you mean by this then:
I dont know how Huawei/other companies use our ISP to give us internet, so can you explain what you mean here? because i clearly dont understand.
If you are saying that i should worry about my connections being spied upon by companies like Huawei, why does that matter if you use a VPN/TOR from a PC? Why is being worried about the USB dongle having a backdoor used to do other potential type of LAN or internal network spying and other potential LAN device break-ins less important than WAN spying?
sorry for the noob-like questions
Here's a thought about this - all brands MAKE their electronics in China, Huawei DESIGNS them in China (possibly with design input from CCP). See what makes them special now?
OpenWrt considers the dongle (or whatever other modem you use) to be part of the Internet. It is blocked from seeing your LAN.
I see it the opposite way.
Since they design and manufacture their devices themselves, they should have better control of the whole process, compared to other companies, who outsource to the lowest bidder.
That's a plus, IMHO.
Semi-sarcasm, I was noting that you oblivious to more possible and more likely problems from WAN.
If Huawei/other companies/CCP has code on the dongle it can do "anything" with your traffic. Even encrypted traffic (as it could be the Man-in-the-Middle).
...can you trust I didn't alter the package.It's all good!
You keep adding conditions. It wouldn't in a VPN on the client scenario...so long as you use certificate-based or pre-shared key like connections.
China, the CCP runs things; and gets what it wants.
I never said that it was/wasn't...can you explain this.
Indeed, but that applies to all companies over there, not only Huawei.
Which leads back to my initial reply, it's all made in China.
It certainly doesn't apply to companies that don't design their products there... But if that's all you can afford, by all means - go buy Huawei... They're good products otherwise
So you're saying that CCP can't make Foxconn in China "modify" the code they load onto whatever device, just as much as they can with huawei?
Tell this to Apple... But to play along, I will just say it's much easier to have that code preloaded in the design instead of "forcing" Foxconn to inject it at the right place so it's undetectable. Also this is not only about code, much easier to do it in silicon instead...