Safety.
>>>"It's important to note that for this vulnerability to be exploited, you need to have local access. So the risk of this being exploited is low."<<<
Do these boxes also have WPS, WPA & WPA2 active by default as well? I'd suggest the low risk is down to being one of millions in the herd available for targetting.
I think we can deduce that the EE equipment developers finders are Trotters Independant Trading co.