It's about time...
...crap like this was regulated properly. It's only a matter of time before someone gets killed.
If devices have to be certified to physical standards in order to be sold (CE, BS, ISO, etc.), why the hell shouldn't the firmware - and the ongoing support for at least a warranty period - be subject to at least some bloody straightforward standards? I can propose a very simple list as a starter, feel free to add any more...
1. Doesn't use any hardcoded passwords that are common across all devices.
2. Doesn't use default passwords that can be derived from the MAC address.
3. Doesn't use insecure WiFi authentication (at least WPA2-PSK).
4. Doesn't allow authentication in the clear.
5. Doesn't allow inbound access through ports apart from those clearly defined and documented as required for the primary purpose of the item.
6. Doesn't allow outbound access except to hosts and ports clearly defined and documented as required for the primary purpose of the item.
7. Is hardened against simple common exploits (SQL injection, CSRF, etc.).