] The problem involves a default username
] and password that are wired into the
] devices' software and can't be
] deactivated without a software update,
] according to a Cisco security advisory
] released Wednesday.

Its not bad coding, this is not failing to check a return value for a buffer overrun, this is pure stupidity, folded up, and place in a program. QA failed, big time