Most IoT devices are a dumpster fire when it comes to security. It gets even worse when a company that isn't traditionally the sort that would have an infosec department (like someone who makes fridges) decides to buy IoT integration off the shelf from some random Shenzhen tat merchant, as the company simply isn't geared up to handle any sort of reporting of security issues and respond to them in an adequate way.
There is zero chance I'd be opening ports through to a CCTV recorder or leaving UPnP enabled for the devices to do it themselves. If you want to access stuff inside your network on the move then use a VPN.