The problem here isn't Dahua.
Zoomeye comes from the XM part of the firmware they run (and the XMEye remote access software provided) - which stands for "Hangzhou Xiongmai Technology Co.,LTD."
Xiongmai provide the core of almost ALL the chinese DVRs out there. If the support software has XM in the title then that's where it came from. They're at the heart of Dahua, Hikvision, Annke/Sannce, Swann, etc.
if the engine of the DVR is a Huawei Hi3xxx series SoC, then you can almost guarantee that the firmware is Xiongmai - and that comes with a bunch of problems:
1: It's embedded linux with hardcoded passwords (it's easy enough to unravel the firmware to verify this)
2: Xiongmai _refuse_ point blank to comply with GPL
3: It's seldom-if-ever updated
4: "Secutrity? We've heard of it"
5: These holes are mainly due to the "need" for external access through Carrier-grade NAT - qhich ends up requiring the DVR to connect to XMeye.net to say "here I am"
6: The actual DVR software is an embedded, stripped binary blob containing a bunch more GPL software (you can see the symbols inside it) that's almost never updated (sound familiar?)
7: Xiongmai are running around accusing all and sundry of pirating their software
As far as I can tell, it looks like Huawei contracted Xiongmai to make firmware for these SoCs. I've brough the GPL issues up with Huawei Europe, but they seem powerless to intervene.
A few journalists taking an interest might help.