Dahua. And then there are the Alibaba Chinese Hikvision cameras that generally can't be firmware updated. Seems like plenty of people port forward to their cameras as most of the camera forums say over and over to use VPN and not port forward.

"The specific Dahua IPC-HFWxxx old type vulnerable password was the one used to let this in, but that depends on how we apply our traps." http://blog.malwaremustdie.org/2016/10/mmd-0058-2016-elf-lin...