Someone I know (who would obviously like to remain anonymous with regard to this anecdote, given the legal climate these days) was attending a conference outside the United States last year and happened to be playing around with his laptop in the airport before his flight home. The airport Wi-Fi provider had a captive portal and pay-to-access internet, but he didn't feel like paying. Instead he mapped out the internal network just to see what was reachable without passing the portal, and found a Cisco access point management application (I don't know the exact product or version). Seeing a Cisco engineer he had met at the conference sitting a few seats away in the waiting area, he asked whether the guy knew the default credentials for such products. It turned out to be cisco/admin or something otherwise blindingly obvious, and it had never been changed.
So my acquaintance was able to log in and see all the access points. But all the access points for what? The tree menu showed multiple top-level items, which, when opened, turned out to be provinces. Each province contained multiple sites, each site multiple locations, and each location multiple access points. This one device had management access to every single access point in a very large wireless deployment belonging to a large communications provider.
I probably don't have to emphasize how serious a vulnerability this was. It could have been used to cause real damage. Instead, the individual in question, being an ethical white hat, very quickly packed up his laptop and boarded the plane, and emailed the company through an anonymous remailer once he got home to let them know about the hole.
Sure, the company whose network he was on is absolutely responsible and ought to know better than to leave default credentials on such a critical box. That said, it's time for Cisco to go the Microsoft route and force default passwords to be changed, to help protect users from themselves.
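As an added illustration of what forcing a default-password change looks like in practice (this is example code written for this post, not Cisco's or Microsoft's, and the account name, the default secret and the minimum password length are assumptions), here is a minimal credential store whose factory account can authenticate with the default password only far enough to set a new one; every management operation is refused until that has happened, and the default secret cannot be chosen again:

```python
"""Forced change of a factory-default credential at first login.

Added example for this post, not any vendor's code. The factory account
starts in a "must change password" state: logging in with the default
secret yields a session that can only change the password, and the
management call refuses to work until it has been changed.
"""
import hashlib
import hmac
import os

# Assumed factory default; a real device ships its own.
DEFAULT_USER = "admin"
DEFAULT_PASSWORD = "cisco"
MIN_PASSWORD_LEN = 12  # assumption; pick a policy that suits the deployment


def _hash(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256; passwords are never stored in the clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class CredentialStore:
    def __init__(self):
        salt = os.urandom(16)
        self._users = {
            DEFAULT_USER: {
                "salt": salt,
                "hash": _hash(DEFAULT_PASSWORD, salt),
                "must_change": True,  # factory state: unusable until rotated
            }
        }

    def authenticate(self, user: str, password: str):
        """Return a Session on success, None on failure (constant-time compare)."""
        rec = self._users.get(user)
        if rec is None:
            return None
        if not hmac.compare_digest(_hash(password, rec["salt"]), rec["hash"]):
            return None
        return Session(self, user, rec["must_change"])

    def _set_password(self, user: str, new_password: str) -> None:
        # Refuse the factory secret and trivially short choices.
        if new_password == DEFAULT_PASSWORD or len(new_password) < MIN_PASSWORD_LEN:
            raise ValueError("new password rejected by policy")
        salt = os.urandom(16)
        self._users[user] = {
            "salt": salt,
            "hash": _hash(new_password, salt),
            "must_change": False,  # account is now fully usable
        }


class Session:
    def __init__(self, store: CredentialStore, user: str, must_change: bool):
        self._store = store
        self.user = user
        self.must_change = must_change

    def change_password(self, new_password: str) -> None:
        self._store._set_password(self.user, new_password)
        self.must_change = False

    def list_access_points(self) -> list:
        """The management operation the gate protects; inventory is a placeholder."""
        if self.must_change:
            raise PermissionError("default password must be changed before management access")
        return ["ap-1", "ap-2"]


if __name__ == "__main__":
    store = CredentialStore()
    session = store.authenticate(DEFAULT_USER, DEFAULT_PASSWORD)
    try:
        session.list_access_points()
    except PermissionError as exc:
        print("blocked:", exc)
    session.change_password("correct-horse-battery")
    print("after change:", session.list_access_points())
```

The point of the design is that the default secret is not a working credential at all: it is a one-time bootstrap token that unlocks exactly one action. An attacker who finds the console on the airport LAN and guesses cisco/admin gets nothing useful unless the operator never completed setup, and the operator cannot complete setup without leaving the default behind.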