These appear to require direct network access, so likely most users (home user behind a typical NAT'd wifi router) weren't directly vulnerable... Also, I've always assumed that given the source of these, certain govt' entities would have full access if they wanted it.
I agree, I think the bigger story in all of this was the timeline to fix! Like if you go into the whitepaper and look at the detailed timeline, it is absurd how badly Wyze mishandled the incident.
That said, 2+ years to fix is ridiculous!