[djsumdog]

This is changing. I've seen a number of ISPs no longer have default passwords. Each router or modem has a random password string set to the device, it's printed out and pasted as a sticker on the modem (or some print directly to the plastic). A lot of big name devices do this now too.

Sure it's a password written on the device, but it's random, you need physical access to see it, and people who are security conscious can change it.

This bad practice isn't excusable, especially not by a company as big as Huawai, not if they want to be taken seriously.

[elmo2you]

It's definitely a good development that ISPs have started to deploy routers and modems with randomized passwords. However, please do keep in mind the deployment of consumer equipment and enterprise hardware is different. Or at least it should be, in theory.

Enterprise equipment is usually not supposed to be just dropped into place, without oversight. It usually needs proper configuration/management, by qualified people.

Whether this also happens in practice can be a different story altogether. Still, the security of enterprise equipment usually involves more policy and procedure than it does with consumer equipment. With the latter, security has to come more or less by default, because the people handling the devices usually have little expert knowledge.

[SuperNinjaCat]

From what I have seen where I live, printed passwords on things like home routers and VDSL/Fiber modems provided by major ISP's are for 802.11 stuff (WiFi passwords) and not for the devices management interface. This may have changed since I last looked into it a few years ago though. There was also the whole Netgear router "backdoor" port thingy (a device shipped by a major ISP) which I actually had to exploit to recover my password after forgetting it once, which was kind of amusing.