I know you aren’t fielding responses, so forgive me for using your post for a reply, but on the off-chance someone is reading through and wants to understand, I am going to add some context because some of what you are saying is correct depending on where you are sitting (it also lets me check my understanding).
So, to the world, if you are wearing a security hat then NAT isn’t a “security solution”; it’s a “networking solution” with security implications. Every home router I’ve ever seen uses NAT to make its own little self-contained network. Sure, you don’t need NAT to have your own local network (LAN), but what NAT does is provide a pipeline to connect your home network (your LAN) to the Internet.
The reason is simple: unique IP addresses are costly but a requirement for all TCP/IP networking (aka The Internet). It was obvious early on in the Internet era that we didn’t have enough IP addresses to give every person, every internet device, every computer, phone, refrigerator, etc. an IP address.
So someone smarter than me came up with the simple solution (conceptually not technically). Use “private IP addresses” (set aside for just that purpose) on the local side and then use one IP address at the modem (your standard router/modem/switch that you use to connect to the Internet) to represent the whole network on the public-facing side.
NAT is the pipe that connects public-traffic to private-traffic. It doesn’t just let any traffic in, though! It keeps track of your outbound connections to make sure inbound traffic (Fb, Instagram, Wyze, etc) gets routed to the correct device.
If the router looks at its NAT table and sees no outbound connection (or forwarding directives, like port forwarding) then it drops the inbound connection or refuses it (if this sounds similar to a firewall, you’re right).
Imagine you have a huge apartment complex with lots of deliveries constantly coming in. So you install an elevator that only lets in people if someone from inside has invited them in and then the elevator takes them directly to the right apartment. It was created for efficiency not security but it clearly is part of the overall security picture.
How does this relate to the Wyze vulnerability? Well, an attacker trying to access a Wyze device (like a camera) would need to be able to access that internal network (your LAN) to take advantage of the security issue. There are multiple ways of doing that but ultimately for the vast majority of the people with default settings on their ISP-issued modem/router that means a firewall and NAT are enabled so an attacker must take advantage of some other vulnerability to get access to your internal network.
Maybe that is a social-engineering hack (giving an attacker your wifi password) or maybe it’s a direct attack on your modem/router or maybe it’s taking advantage of a security vulnerability on some other device. This intermediate step is a requirement (not to mention having to install a MicroSD card).
That key detail was left out of many media reports and is necessary to understand the actual risk level.
To be absolutely clear, I think Wyze’s response was inadequate. I am disappointed but context matters. Wyze was not leaving the front door open, it was leaving the bathroom door open in your locked house. Not cool but not catastrophic.
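
The NAT-table behaviour described in the comment above, as an added example that is not part of the original post: a simplified Python model of a router that delivers inbound packets only when they match a recorded outbound connection or a port-forward rule. The `NatRouter` class and all addresses and ports are constructed for illustration; real routers differ in how strictly they match the remote endpoint.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed documentation address (RFC 5737)


@dataclass
class NatRouter:
    next_port: int = 40000
    # public port -> (private ip, private port, remote ip, remote port)
    sessions: dict = field(default_factory=dict)
    # public port -> (private ip, private port), configured by the owner
    forwards: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """A LAN device opens a connection: record it and rewrite the source."""
        for pub_port, entry in self.sessions.items():
            if entry == (src_ip, src_port, dst_ip, dst_port):
                return PUBLIC_IP, pub_port  # reuse the existing mapping
        pub_port = self.next_port
        self.next_port += 1
        self.sessions[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return PUBLIC_IP, pub_port

    def inbound(self, remote_ip, remote_port, pub_port):
        """Return the LAN (ip, port) to deliver to, or None to drop."""
        entry = self.sessions.get(pub_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]  # reply to a connection started from inside
        if pub_port in self.forwards:
            return self.forwards[pub_port]  # explicit port-forward rule
        return None  # no matching state: the packet is dropped


def demo():
    router = NatRouter()
    # A camera on the LAN connects out to a cloud service (constructed addresses).
    _, pub = router.outbound("192.168.1.50", 51000, "198.51.100.7", 443)
    reply = router.inbound("198.51.100.7", 443, pub)
    # Unsolicited packets: another host on the same public port, then an unopened port.
    stranger = router.inbound("192.0.2.99", 55555, pub)
    closed = router.inbound("192.0.2.99", 55555, 8554)
    # The owner adds a port forward: that port is now reachable from outside.
    router.forwards[8554] = ("192.168.1.50", 554)
    forwarded = router.inbound("192.0.2.99", 55555, 8554)
    return reply, stranger, closed, forwarded


if __name__ == "__main__":
    print(demo())
```

Only the reply from the service the camera contacted and the packet to the forwarded port reach the LAN; both unsolicited packets are dropped, which is why checking a router's port-forward list matters when assessing exposure of a LAN-only device.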