This (IMO) from the linked report is valuable info:
Certificate Based Authentication (Device)
Starting with Release 6.40.0240, the “unauthenticated” aspect of the vulnerability can be mitigated to “authenticated” by enabling certificate-based authentication, then executing additional hardening steps. After an initial certificate authentication setup, additional hardening is mandatory for secure operation: Disable port 80, disable HSTS-redirect, and disable password authentication. This enforces the webserver to demand a valid client-certificate during the initial TLS-Handshake.
Using certificate-based authentication makes it near impossible for unauthorized persons to exploit the device, even if exposed to the public internet. Thus, unlike the Hik magic string vulnerability where anyone with network access to the device could exploit it, you can effectively secure the Bosch camera without having to tinker with firewalls, VPNs, etc. Of course, this requires the client accessing the camera also support certificate-based authentication.
This appears to be an exploit of Bosch's RCP+ API, most likely some form of extra-long-string attack, as they mentioned buffer overflow, and not hard-coded credentials or API weaknesses that expose privileged information to attackers.