Leaving default passwords on routers and smart devices lets attackers log in using publicly known factory credentials.
It helps to understand why manufacturers ship devices this way, because it tells you exactly where the responsibility lands.
Real people have been burned by this exact mistake:
Walk through every connected device you own, your router, cameras, smart plugs, doorbells, printers, NAS drives, thermostats, even smart TVs, and update the credentials on each one.
If you only change one password today, make it the router's.
Read the complete breakdown, fixes and what happens next.