Not only are they building in backdoors, they are totally sucking at it.
SSH has, under ordinary circumstances, two login modes: password auth and keypair auth.
Password auth, barring a really good password and atypically robust hashing scheme, is the weaker of the two, and pitifully vulnerable to anybody with access to the password hash(ie. anybody who owns or has access to one of these devices or a firmware image they can unpack).
Keypair auth requires revealing only an RSA public key(which is added to the authorized keys file on the system), and only possession of the matching private key will get you in. Barring presently-unknown advances in computer power or prime factorization, this one is functionally unbreakable, regardless of whether you know the public key or not.
Guess which one they used?
(As an aside, I can attest to HP's security response being utterly dreadful. Back when we were using one of their systems at work, I found a priviledge escalation vulnerability, kiosk user -> root, and hammered at them for over a month with no response. Just crickets. They just don't give a damn, or if they do they can't find it.)