The only option left if you ask the police/state, is to make a civil case out of it and sue the company. Sadly, civil court has rarely any effect on the market, which can clearly be seen by the sony rootkit controversy. The EU might enforce some industry regulations in regard to backdoors/spyware, but I would not count on it. To enforce such regulations, they would need to prevent importation of devices that break said law, and that's a rather large step to take politically.
If you feel that this sort of thing warrants a jail term then you should lobby for it to become a crime. As it is manufacturers are completely in the clear if they do things like this, the only way to put pressure on them is to vote with your feet.
There is a big difference between leaving a back door open through incompetence versus leaving it open with the intention of breaching your customers networks.