Except that the Cisco ASR1000 series are hardly "uber routers". I think the largest ASR 1000 can do 200Gbps, but the most common 1000s are 1 to 5Gbps. They are often used as CPE routers by telcos for enterprise services. Or as Internet edge routers by larger businesses.
And the reality is, that privilege escalation is not a big deal, on such routers, because the staff that have any sort of CLI access and those who have full privileges are usually the same. Companies with untrusted help desk staff may be an issue, but such staff are rarely given any sort of login.