Not just crapgadgets: Sony's enterprise CCTV can be easily hacked by IoT worms like Mirai

Sony’s response was incrementally better (as you’d want it to be, for the price); but it is not encouraging that their equipment made it into the wild with exactly the same class of egregious vulnerabilities as the cheapest of the cheap seats.

An ‘enterprise’ customer might well want some sort of vendor access mechanism; it’s not uncommon for high-end equipment to phone home and request maintenance or the like. But an undocumented access mechanism would be wholly unacceptable. And, even if one is needed, that would be a more or less textbook example of where you should be using keypair authentication rather than hardcoded passwords.

Sony’s response was adequate enough to avoid being blatantly negligent; but they screwed up on this one.
