I think that publishing credentials in mass media in such a way is a very bad decision...
Imagine you are a CISO and suddenly you discover that your cameras are just completely off security. Questions emerging in the head:
Has anybody hacked them already?
Is someone spying in real-time?
I can't wait for the patch to come, I don't know how long I have to wait, I have to get rid of them all, do I have the budget?
How will I tell to general management that our security can be or already compromised?
I understand to publish a report stating that cameras have CRITICAL severity vulnerability which allows complete control. Then OK, my partner will tell me that (for example) and I will plan migration. And in described situation I need to migrate NOW! Cause any script kiddie who just completed school would like to "test" my security cause he knows that it is vulnerable...
Someone can just be fired from job cause he or she has missed to read a single article and some other employee accidentally has read it and made "a joke" on security department.
Re-sellers will suffer too. I as a CISO will ask them: why have they sold me such piece of garbage? They should have had a competence and expertise while consulting me on surveillance solution... Will I forget or forgive? (typically no) Will I buy something else from them? (typically no again, cause I've paid them wanting them to solve my problems and it turned into another greater problem) How do you think?
It's like publishing an exact drawing of a master key which will bypass security and open your car. Will your first thought will be about the vendor and marketing nightmare that awaits that company? Will you be happy about it? Or you will think, God, anyone anywhere can break into my car and steal it... what I am gonna do now?
Publishing credentials is not a vendor punishment... but worldwide customer's security Risk rise.