only applies to Windows (I think)
Well yeah, its a vulnerability in the windows software. Nothing they said implied otherwise.
and won’t work without a permissions escalation.
I dont think thats true, could you explain why that would be? This article mentioned no need for a permissions escalation. In fact it seems that the RCE is automatically run as administrator by the driver process.
What this is talking about is not really about the brand or model, its just about them being misconfigured. These cameras were exposed to the internet with either default credentials or no authentication.
Theres very few good reasons to expose a camera to the internet at all, just access it over a VPN. If for some reason someone really needs to access it over the internet (I genuinely cannot think of any), then they should put some proper authentication in front of it.
You can remove most apps using ADB. Universal Android Debloater is helpful for this, just make sure you read the comments for each app so you dont remove something you need.