Continued from the earlier post (guess this stream burn my house down)
The user manual is hf-lpb100u_user_manual-v1-1 . You can make it fetch and execute a new firmware from anywhere in the world (over http only of course). without authentication.
You can also cause it to become a WiFi STA (access point) and generally hijack other wifi traffic. Or just ARP poison it to come here. So its a general telemtry point in the house.
To 'increase the security' they removed the / page of the web, but all the sub pages are there (http://172.16.0.128/iweb.html for example).
Sigh. Tin-foil hat don't fail me now, i got some internal firewall changes to make.