When setting up the routers, the wizard launches and guides someone through the initial setup, including creating the admin password. Unfortunately the entire process is done without encrypting the traffic from the GUI to the device with SSL / https, so the password and all other data are transmitted in plain text, for anyone in the middle to catch and read.
This is not industry standard for a professional network security device and should be changed ASAP! All traffic should be enrypted from the get-go, especially when transmitting admin password and other sensitive data.
So my request is: Enforce SSL by default.