When an IoT company ignores basic security and goes for profit alone, you get botnets.
I personally have a Zmodo PoE cam/DVR setup and was surprised they are part of this issue.
I have my cams firewalled and only a few ports open to dvr for remote viewing capability and it does not use cloud viewing option, only direct IP.
I will have to probe my DVR using default passwords given in deeper links in the article. I knew the security sucked on the system but was not concerned about someone seeing the outside of my house nor aware of any cases of network traversal using the dvr (still not mentioned but will research more) I was not aware remote firmware could be uploaded either. And why the hell is telnet even included these day?
Crazy stuff