Mitigation strategy? Don’t let anything from the internet communicate with the DVR! How often do you need the internet to communicate with a DVR in the first place? And if you do need access to the DVR from across the internet, then VPN into the corporate network to access it.
Most of the routers I deal with don’t ship with uPnP enabled; you have to enable it (or push a button) to turn it on. I’ll grant that it’s a total pain in the ass to turn on, at least for an Edgerouter, but uPnP is dangerous enough that it shouldn’t be turned on unless you know what you’re getting into.
