Both the parent and you can be right in this case.

The parent rightly suggested that there is the obvious intention to exploit these devices:

> This is so bad that it must be intentional, right? Even though these are dirt cheap, they couldn't come up with $100,000 to check for run-of-the-mill vulnerabilities?

You explained that there could be an economic reason for the appalling absence of security:

> The only way these ultra-cheap products are getting shipped at these prices is by doing the absolute bare minimum of software development.

But the parent's point is more convincing, based on the observable evidence and the very clear patterns of state-sponsored exploitation.

The vendors could set default passwords to be robust. The vendors could configure defaults to block upstream access. But maybe the vendors in this particular supply chain are more like the purveyors of shovels in a Gold Rush.

A less-charitable metaphor is possible where state-sponsored motives are unambiguously known.