by azinman2 484 days ago
I strongly disagree. You’re literally putting people’s lives and possessions at risk who have no knowledge of this. There are many alternative methods, from getting the government involved to giving a very long lead time to the vendor before you disclose this, to sitting on it and never disclosing.
2 comments

The information is already sitting on Google for anyone to find, vendor doesn't give a shit.

Best to get it out there, at least if you're stuck in one of these buildings you can log in and change the admin password yourself till your building management does something about it.

Software vendor and building manager are putting people's lives at risk.

Can't software coders ever take responsibility? And this is on the programmer who implemented this, too. You just do not let your product manager do this, ever. It's 2025 already.

And this is a security product, wtf? Residents should be suing individual programmers here. OWASP was created 24 years ago. Default credentials is like number 1 on their IoT app security list. Only a moron would not defend against this. If your manager requires this, you just send him:

https://wiki.owasp.org/index.php/OWASP_Internet_of_Things_Pr...

And tell him no. If he still wants it, you just report him to Reddit or whatever. :D