Re: @Andrew Jones 2
If you have a backdoor, you have an avenue for repairs.
Why isn't this back door disabled by default? Why not have a physical 'unbollux' switch on the device to enable it, which must be turned off to resume normal operations? Why is there a common backdoor account for all these devices, instead of single device accounts which would need to be looked up by serial number to gain access? Neither of these are particularly high tech, and neither are particularly sophisticated (the latter has the account database as a single leakable point of security failure) but even these basic steps were not taken. I'm not even a security guy; I'd like to imagine that there are 'best practices' out there that people should really be using by now that are rather better than my ill-informed ideas.
I have minimal sympathy for the vendors. If this is new kit, as opposed to stuff from the Bad Old Days of No Security Whatsoever, it is totally inexcusable as opposed to being just a poor and short-sighted design decision with serious consequences.