An occasional security blogger named someLuser, who has an interest in embedded devices, recently wrote up the results of a security review he carried out on a popular brand of network-enabled security camera. Read More ..
His report was picked up in turn by the Metasploit team, who confirmed and clarified someLuser's discoveries.
You should head to someLuser's post for the technical detail, and for some interesting photographic insights into the sort of inquisitiveness you need to investigate embedded devices, but here's a very brief summary:
You can remotely persuade the device to reveal usernames and passwords for the administrative console.
You can remotely persuade the device to run a command shell and connect back to your computer so you can control it.
If it can, the device uses Universal Plug and Play (UPnP) so it is accessible even from outside your network.