Bug bounty program
It'll be interesting if someone like ASUS starts a bug bounty program for their comms gear. It would probably help get widely deployed gear "up to scratch" within a few generations (of gear, not people).
Unauthenticated users can rip unsalted passwords from Asus routers. Critically the pwning of the high-end consumer routers requires users to enable anonymous access to FTP servers. Users can thanks to insecure default configuration access all sensitive parts of the system without the possibility of restrictions being …