Re: telnet?
What would be the point of either Telnet or SSH? If they have default credentials, then it doesn't matter for any access to the device. The default credentials will allow everything!
For a slightly higher hurdle, the web UI can be soundly hacked on most of these devices.
My Cisco router and Engenius AP required me to use a decent password on them. Unfortunately, companies like D-Link come hard coded for so many holes, it's absurd that they passed a competent QA or security analysis.
For now, the ISPs need to take action by shutting down access to the dodgy devices, like getting the owner's attention by cutting off access. Beyond that, the companies that made the devices need to be held accountable.