This is a device on your network, it has access to the same resources all other devices have. And yes, in theory it can receive commands from remote servers and it can send information from your network. It still would not have access to password-protected resources.
I would not panic about it, but consider what other resources are available on your network and if any of that may be of interest. In many cases the concern here is not the makers of the device, they often don't care. But the concern is the third-party attackers, who often exploit security holes in products like this (and they always have holes, because makers really don't care). This is especially true for security cameras, where footage can be leaked. The doorbell itself is not that valuable, but it might be an entry point into your network.