Just a few comments to share:
Exploit works only on camera Web Server Port not on other network listenning services.
Publised PoC (reverse shell) is fully ussable by an attacker (as Ethan mentioned hard part is done) but, to exploit vulnerability, its necesary to assert "guess" proc architecture and firmware Version, if not is useless. Writing different shellcode than PoC reverse shell its hard work since its cross-platform Hex ASM code.
So if your cameras are published on internet behind a firewall, with firewall content filtering capabilities (such as linux iptables or standalone ones: Cisco, Fortinet, etc) you could add some deny rules to restrict outbound traffic (new connectings) to any remote ip for Cameras. This will avoid the reverse shell connection establishment by a remote Internet Attacker, thus avoiding hijacking.
If your cameras are published into the internet by having a Fixed Public IP, nothing to do prevent, hurry up updating firmware since is very easy to be exploit, (because firmware and model, needed by the script could obtained from the Ftp login banner of the camera).
Same situation if you feel an attacker could have accesss to the same VLAN of the cameras.
At this time, Compromissing the camera needs, reverse shell code ejecution in order to wrote changes on the flash config, zone such as /etc. And the only way to get rid off this potential issue is to reset to factory setting after firmware update that fixes vulnerability.
Resets all parameters, except the IP parameters, to the original factory settings is good enough to get rid of scripts and malefic code injections and safe to be done remotely.
Do not forget, to follow Axis as possible: http://www.axis.com/files/sales/AXIS_Hardening_Guide_1488265_en_1510.pdf