I reassure myself that close to 100% of fortigate costumes have the control plane locked down.
I have come to believe that not a single embedded web server is without critical vulns, after deploying maybe a million patches to HP boxen for the iLO mgmt interface
I that it's largely only software companies that have a red team mindset, and only a minority of them. Everyone else is patching when upstream patches and job done.