Not really an SD-WAN issue
You will almost certainly find that most of the routers, firewalls etc... in the world are missing crucial software updates. It's a network admin issue not an SD-WAN issue.
Russian researchers armed with Shodan and Censys have identified nearly 5,000 SD-WANs with vulnerable management interfaces. It won't surprise anyone, The Register suspects, that most of the problems the three researchers (Denis Kolegov and Antony Nikolaev of Tomsk State University, and DarkMatter's Sergey Gordeychik) …
It is if your SD-WAN appliance du choix is based on an horrifically out of date linux distro and the vendor patches are few and far between. Remember, these management interfaces are not supposed to be exposed to the Internet (generally), so the vendor line may well be that fixing vulnerabilities for an unsupported deployment is not a priority.