Of course it won't happen anytime soon
I mean, why would vendors patch old hardware?
On one hand, they can spend time and money updating old firmware, then somehow sending the firmware out to owners, with instructions on how to update (and handle all the support calls), for no extra income, or..
They can just not care, state that the old hardware is "deprecated", and that the "fix" is to buy their latest shiny.
The second option is more profitable for them, precisely because there is no way of forcing them to fix old hardware. If you think about it, other industries have recalls, especially if a big problem is found, and companies are forced to do this, usually by whoever regulates their industry.
Software has no such regulator, so they can pretty much just wash their hands of the problem. If it causes the end user too much bother they should "upgrade" then.
Not sure what the best way of handling this is. On one hand, having millions of vulnerable IoT devices are just a botnet in waiting really. On the other hand, banning the devices from use or forcing companies to issue security patches both seem unlikely to happen and regulators could stifle what is a rather dynamic industry (for better or for worse).
My favorite solution is to just not have IoT devices unless absolutely necessary (and admittedly CCTV is one place where it is useful), however there seems to be a drive to shove a computer into every single thing possible, from children's toys to cars, and even lampposts, buildings and roads.
The world looks more and more like a cyberpunk dystopia as time goes on...