Sadly not only them...
They're hardly unique in that area of the market for such an issue.
I have a similar DLNA renderer stick which also hotspots and has a fixed and unchangeable password of 12345678. Contacted the manufacturer (also Chinese), and for some strange reason they didn't see this as a problem or a security risk.
For some strange and unaccountable reason I only ever use it when travelling, and it's blacklisted from connection to my home network.
Wouldn't it be nice if such stuff was under some sort of requirement for import license or similar that it didn't open up such gaping backdoor holes in the network if used by Joe Public?