Shelly Wall Display exposed RPC over Bluetooth
ID: b0821fb7-f016-551a-a138-b8eb7a60936b
STIX ID: report--b0821fb7-f016-551a-a138-b8eb7a60936b
Feed Name: Pen Test Partners Blog
The Shelly Wall Display shipped with an inaccurate internal temperature sensor and a bundled Bluetooth temperature sensor that required Bluetooth to remain enabled. Unlike other Shelly devices, it did not allow RPC to be disabled independently of Bluetooth. As a result, RPC over Bluetooth remained exposed and could be used by an attacker in range to reconfigure the device, connect it to an attacker-controlled network, and pivot to other devices. Shelly released firmware fixes (stable 2.6.2) to address the issue, and users are advised to update or disable Bluetooth if they don't use the external sensor.
