The problem is actually a lot worse than that. Even if you change your passwords, lots of these devices have hardcoded credentials that can not be changed. They are either publicly known or can be found by downloading a copy of the firmware from the manufacturer's site. The same firmware is also reused by different companies, so multiple models are affected.
There are so many remote code execution vulnerabilities that there is a decent to strong chance you will be able to get the device to send you the password. It isn't just limited to home devices like smart TVs and shit either, lots of industrial control systems are publicly accessible in the same way you can break into someone's shitty webcam.
The problem is actually a lot worse than that. Even if you change your passwords, lots of these devices have hardcoded credentials that can not be changed. They are either publicly known or can be found by downloading a copy of the firmware from the manufacturer's site. The same firmware is also reused by different companies, so multiple models are affected.
There are so many remote code execution vulnerabilities that there is a decent to strong chance you will be able to get the device to send you the password. It isn't just limited to home devices like smart TVs and shit either, lots of industrial control systems are publicly accessible in the same way you can break into someone's shitty webcam.
So basically if you didn't change the password on your smart doorbell, then you are fucked? You'll either get trolled or you will have your light switches be part of DDOS botnets