I worked for <business imaging company X> where every network-connected copier automatically setup its own web server where unauthenticated users could peruse all of the jobs printed recently. Sure, a firewall might prevent public access, but it also wasn't hard to use Google's inurl: function to find the (at the time) 5% or so companies using these things that had public ip's assigned. You could also upload documents like PDFs to be printed out. Many of the high end fax machines had the same "feature". HP printers did something like this too, but that's not where I worked.
EDIT: Oh, and the network controllers that ran them were uniformly updated and managed with fully open "admin" username no-password telnet and ftp services. IoT insecurity began a looooong time before the term IoT even existed.
EDIT: Oh, and the network controllers that ran them were uniformly updated and managed with fully open "admin" username no-password telnet and ftp services. IoT insecurity began a looooong time before the term IoT even existed.