if the manufacturer thought about security, there would be no empty password and an active interface when deploying a cloud image. how you can run such an image in the cloud with such settings is not clear at all. Have you studied at least the customer usage scenario ? do you understand that everyone always has VPS/VDI with open ports and interfaces? it was possible to change the password and enable the network interface only through the locale.
open telnet and admin without password in 2021 - laughter