Apparently there are some that are exposed to WAN access by default, or exposed intentionally for remote access; the researchers say there were many found exposed.
The article references prevention recommendations as follows:
Change default passwords on network equipment even if it is not reachable from the Internet.
Disable Telnet login and use SSH where possible.
Make sure that your router is not accessible from the Internet on ports 22 (SSH), 23 (Telnet), 80 (HTTP) and 443 (HTTPS). If you are unsure about how to perform this test, when you are at home, use the "common ports" scan from the ShieldsUP service from GRC.com. Make sure that the above mentioned ports receive a Stealth or Closed status.
Running the latest firmware available from your embedded device vendor is also recommended.
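
A scripted version of the port check described above, as an added example that is not part of the original post or the referenced article. It assumes you run it from a machine outside your network against your own router's public address; the names `probe` and `audit` and the 3-second timeout are choices made for this sketch.

```python
import socket
import sys

# Ports the recommendations say must not be reachable from the Internet.
MGMT_PORTS = {22: "SSH", 23: "Telnet", 80: "HTTP", 443: "HTTPS"}


def probe(host, port, timeout=3.0):
    """Classify one TCP port using the Open / Closed / Stealth vocabulary.

    open    - the TCP handshake completed, a service is reachable
    closed  - the host actively refused the connection (TCP RST)
    stealth - no TCP answer (timeout or an unreachable error)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.gaierror:
        raise  # a bad host name is an input error, not a port status
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and host/network unreachable
        return "stealth"
    finally:
        s.close()


def audit(host, ports=MGMT_PORTS, timeout=3.0):
    """Return (status per port, sorted list of ports that fail the check)."""
    results = {p: probe(host, p, timeout) for p in ports}
    exposed = sorted(p for p, status in results.items() if status == "open")
    return results, exposed


if __name__ == "__main__":
    # Usage: python3 check_ports.py <your router's public IP address>
    results, exposed = audit(sys.argv[1])
    for port, status in sorted(results.items()):
        print(f"{port:>4} ({MGMT_PORTS[port]}): {status}")
    if exposed:
        print("Reachable from here:", ", ".join(map(str, exposed)))
        sys.exit(1)
    print("All four ports are Stealth or Closed.")
```

A scan run from inside the LAN tests the LAN side of the router, so the result only matches what ShieldsUP reports when the script runs from an external host.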