User tries to print a confidential document. Prints it on their neighbour's printer, or a printer somewhere on the internet, instead.

User tries to grant their soundsystem access to their google music. Gets cut off and asked to reconnect as they're walking out the door. Ends up granting the cafe's soundsystem access instead, and maybe that gets combined with another exploit to give someone else at the cafe access to their documents.

User is in the habit of using the same username/password everywhere, enters it into http://192.168.1.1 on some hostile network.

User knows to use a password manager, but password manager is happy to put their router password into some other router's login; attacker uses this to subvert their router

Thief replaces the home webcam with one that supplies a dummy image, takes their time to clear the place out.

You're not describing the attack, you're describing the damage that could be done after an attack has already compromised the system. I'm saying describe the exact attack scenario, i.e. how any of these could be made possible in the first place.

Impersonate popular home devices on public wifi networks, or on the Internet. Exploit that "push the button on the router to allow this device to join" thing that was popular (but vulnerable) a few years ago. Subvert an insecure IoT device on the target's network. Attack from their friend's compromised device when they connect to the target's wifi, or just use their credentials. Splice into ethernet cable where it runs through a maintenance floor or a cabinet on the outside of the building. Once you're on the network either ARP spoof or just register with the router under the same name (perhaps after DoSing the legitimate device).

The network is not completely public, but even a home user's network is too weakly-defended to just blindly trust to any device connected to it.