Because we need to get away from stuff like this: https://blog.lumen.com/silence-of-the-hops-the-kadnap-botnet/ The PLA has made electronic warfare a priority, and they're quite happy to use their manufacturing base to help accomplish this. The Chinese have been on this warpath for 25+ years. They stole Cisco Systems' IOS source code in the early 2000's, and then built clone routers to run IOS, with their additions. They tried to ship some of their clone routers into sensitive customer accounts. They're quite capable of adding things to routers that should not be there, and yes, it could go down to the level of the ASIC's and SoC's that are in the routers, which we won't find without pulling apart the chip(s) and reverse-engineering them with a microscope. Reverse-engineering source code is much easier today than it was 25 years ago, and security consultants are getting pretty good at reversing code to find hidden "features," but it still leaves far too much of the US being vulnerable to distributed attacks and snooping. So it's easier to move us away from the ChiComs and PLA by banning new routers, and working on moving "sensitive, but non-military" manufacturing back into the US, including things like medical devices and supplies. Writing new source code for a router won't be difficult, since there are already open source router code bases out there. For low-end routers, someone wanting to ship a product could use something like one of these as a start: https://frrouting.org/ https://bird.network.cz/ | 
The US has banned all new models of internet routers not manufactured in the US.