Why wouldn't you tell the manufacturer so that they can fix it? What you're proposing is kind of immoral and irresponsible as a member of society. Whatever you do, do not reveal your identity to the manufacturer, some are likely to sue you for disclosing such a vulnerability. Better to release it on the dark web forums that -all- security pros check out than on github where you are easily tracked and outted. Remember that corporations are amoral entities meant for only 1 real purpose, to make their owners money.