I found something similar when poking through a firmware update for a cheap AliExpress IP Camera, iirc the username was admin and the password was just the camera’s model name.
I’ve been lucky enough to just buy WiFi devices that I can flash with Tasmota (to enable local control over MQTT, really nice) and have moved them to a separate network without Internet access.
A hidden admin user account with a hardcoded password is also known as a backdoor.
There’s no need to use politically correct weaselwords.
I found something similar when poking through a firmware update for a cheap AliExpress IP Camera, iirc the username was admin and the password was just the camera’s model name.
This is why I have full client isolation for all my IoT crap. They all receive instructions from the cloud anyway, not over the local network.
Some have local network capability using their apps, but I primarily use them via Google Home, so it doesn’t matter.
I’ve been lucky enough to just buy WiFi devices that I can flash with Tasmota (to enable local control over MQTT, really nice) and have moved them to a separate network without Internet access.