Yes, it has full independent access to the main CPU (like setting breakpoints) memory, and network. I have not heard of anyone catching it exfiltrate data, but it undoubtedly has sleeper code installed by CIA at manufacture which is a fact they do that revealed years ago by Wilikileaks vault 7
Discussion
I don't think it's done that way for ME which is code signed. More likely it gets in through confidential lawful intercept agreements with the companies themselves.