This reminds me...

My parents gave me a smart weather station for Christmas a few years ago. I never even took it out of the box. I know it exposes a web server so I can view a fancy UI in my browser...

I should take it out of the box and run a pentest on it. I imagine it's pretty insecure. The developers of these types of things often don't consider security.