If this is the same one I remember from a couple years back, what’s not listed in this article: two different security teams warned them of the vulnerabilities multiple times, the vendor claimed to have fixed the issue when they hadn’t, the devices didn’t have any sort of physical bypass in case of malfunction, and what finally convinced the pen testers to go public was the company announcing that they planned to make a locking inflatable butt plug using the same platform.