I wouldn't do anything myself, too risky. Printing on somebody's else printer could get me sued.

What about a state level authority doing this scans, contacting owners, maybe even fining them? That would be like authorities for food safety, etc. It would put pressure on manufacturers because people don't want to buy things that get their owners fined.

What's the reasoning for fining someone for leaving stuff available? Should self-hosting a site be made illegal? If not, how do you distinguish the two?

Unsecured cameras, internet facing lights, etc. It's not like leaving the home door open, which harms only me. Those devices can be used to harm others. IMHO fines for customers will lead to more secure devices, by design.

Ooooo and we can fine them for leaving doors unlocked, and for not being inside after curfew!

I explicitly wrote this is not the case.

The 100% legal route would be to whois the IP address and send the contact an email; presumably they can identify a user and pass it on.