Agreed, never trust these closed-source firmwares! Even if there aren’t malicious backdoors, there could be vulnerabilities that are never patched.
My Hikvision cameras + doorbell are connected to an internal PoE switch that has a single uplink to my FreeBSD server (running NVR software). They have no internet access directly, only through services run on my server.
I have Home Assistant + Asterisk running on my server to get the calling features out of my doorbell.