Apparently, some people who make firewalls believe in security by obscurity. (They could at least have used an RSA key to verify. Though that would still have been bad.)

I've worked at a large telco testing CPE devices (routers and whatnot) and it was common place to find backdoors like this. The devices were made by a third party vendor and most of them had hardcoded passwords and hidden debug features.