So if we’re not talking about ISPs sending this out, then the reason that remote access gets turned on by default is incase the company sysadmin couldn’t physically get to the device, and they assumed the company had a firewall.
Companies almost always prioritise OOTB setup and operationality over security when it comes to defaults.
I can’t think of a single ISP that was using old Ubiquiti EdgeOS routers as consumer routers.
So if we’re not talking about ISPs sending this out, then the reason that remote access gets turned on by default is incase the company sysadmin couldn’t physically get to the device, and they assumed the company had a firewall.
Companies almost always prioritise OOTB setup and operationality over security when it comes to defaults.