It's like Poe's law of security
You just can't tell if they are doing this on purpose or not.
If you've got a D-Link DWR-932 B LTE router, you might want to fire it into the sun – or hope that a firmware upgrade lands soon. Following the consumer broadband industry's consistently lackadaisical attitude to security, the device suffers from everything from backdoor accounts to default credentials, leaky credentials, …
The amount of vulns and their nature could easily be seen as malvolence,
here ...
srand(time(0)), seriously ???? admin:admin, really ? other hardcoded accounts/backdoors ? in 2016 ?
Upnp, I wouldn't care since noone concerned by security uses it anyway ...
It's time to pass some laws ...
Don't assign to malevolence what could be assigned to plain laziness, incompetence, and greed. There is much more of the latter than the former. I fight every day with developers who don't like to code the proper way because it requires more effort (and need to learn...), and managers who want everything done without spending a dime, and prefer cheap devs to skilled ones.