I commented elsewhere, but I once had a soundbar that just had a no password ssh login. It was one of those ‘connect to your WiFi’ to stream music through models and for whatever reason, after connecting it to my WiFi, it continued to broadcast the publicly joinable setup network.
SSH was open to both the unsecured and secured networks, so anyone within WiFi distance of the device could have gained root control of it. Or if I had a sufficiently weak network setup, anyone online could have taken control of it.
I commented elsewhere, but I once had a soundbar that just had a no password ssh login. It was one of those ‘connect to your WiFi’ to stream music through models and for whatever reason, after connecting it to my WiFi, it continued to broadcast the publicly joinable setup network.
SSH was open to both the unsecured and secured networks, so anyone within WiFi distance of the device could have gained root control of it. Or if I had a sufficiently weak network setup, anyone online could have taken control of it.