Definatly intended and intentionally hidden are the worst.
For example,
Axis,has telnet by default disabled, but anyone who wants access to the device can do so.
https://www.axis.com/no/en/support/faq/FAQ38461
Hikvision, has sshd enabled, but filtered by iptables rules - however when turned off, you will only get limited and "protected shell".
https://ipcamtalk.com/threads/is-ssh-or-telnet-available-in-5-4-5.19050/
(look down and you will find how to disable iptables rules, by HIK design)
Now let me ask one question;
Who of these two you think is the most interesting to audit ?
1. Axis - who openly provide information to open up telnetd to access the device, and give root shell to the device.
2. Hikvision - who hide and filter ssh access, who give only 'psh' (protected shell) to the device?
Who hiding stuff? any guts feelings?
Researches who is determined to get in, will get in - sooner or later, proof is only to look at Montecryptos excellent work.
Manufactures!
If you don't have anything to hide, let researched in to your devices and they will most likely help you to sort out any discovered vulnerabilities.
- Don't be HIK, be smart.