Well, there's your problem

The vulnerability, which allows attackers to gain access to the devices over HTTP and HTTPS connections without authenticating themselves, was patched last July, but the fix wasn't widely installed.

(link)

And now bad people control the Internet.  Good job everybody.