Any Internet-connected device is, in fact, a server, and must be seen and managed as one. This means strict control of installed services and, first and foremost, regular updates of all its software components (including firmware). If you acquire and install such a server which either can’t be updated or one which you know, realistically, won’t get any updates six months after installation, that’s asking to lose.
In my experience, keeping software and firmware aggressively up to date is far more likely to randomly break functionality and workflow and require my time and effort to fix than doing nothing and crossing my fingers I'm not subject to a zero-day. I can't even imagine how annoying this would be for someone without technical know-how. I think manufacturers who seem desperate to trick users into installing updates could go a long way by reducing the associated dread.
If you don’t update, you will be subject to an exploit, and you and your devices will then possibly be unwitting members of (possibly multiple) botnets.
Not updating for X days just increases the risk from only zero-day exploits to the risks of X-or-less-days exploits.