You're just not going to rest until somebody tells you to hack 10,000 cameras in the name of justice.
If XiongMai was serious about their recall, they could make their devices all give on screen warnings to the owners and also contact/return info, using the same techniques scripts used in the botnet conscription phase.
I don't agree. XiongMai is a component supplier, they sold components which then became part of another product/brand. Offering a recall is the right approach, at least theoretically, they recognize they provided defecting parts and are providing recourse for those affected. Altering components post-sale may affect the end-customers in unanticipated ways and violate agreements they had with their direct customers.
Samsung most likely had some kind of click-wrap agreement the owners of the phones agreed to that gives the company the right to send software updates that alter the phone. Unless XiongMai/their suppliers had users agree to something similar there could be legal issues around this (however unlikely).
Overall, not a sound idea for the company to do this.