This IP Camera is susceptible to CSRF at the following page:
/goform/formChnUserPwd
In the following parameters:
um_pwold, um_pwdnew, um_pwdcfm
The entire camera is vulnerable to CSRF, an example of another page is:
/goform/formUserMng
Eventually got round to getting a CVE number for it.
The CVE number allocated to this issue:
CVE-2017-6180