Port forwarding gives you access to a mapped port on a client device on your LAN.
This can for example be be a IP camera, webserver, gaming console, computer or server.
Port forwarding in itself isn’t dangerous – its what you’re forwarding to that’s always the worry.
For example, a lot of CCTV firms port forward to the IP cameras on their customers LAN for remote management / monitoring.
Home users have done the same thing for baby cams too. They open ports for video streaming (RTP) and for the web interface of the cameras themselves. Then they walk away.
The best firms remotely manage those devices and actively maintain the firmware on the cameras and NVRs – most will not (as customers we tend to go for the cheapest quote – without management).
Imagine what happens when there is a security issue with the IP camera firmware – if the vendor is any good they will tell their customers (the installing firm) but in my experience very few firms then tell their customers if they are not under active management.
So then the customer is left with a hackable device attached directly to the internet. Anything is possible after that. Then bring IoT devices into the mix. There are so many security flaws discovered regularly with IoT devices.
But as long as firmware is up to date or a firewall is installed on the devices which ports are accessible port forwarding is absolutely safe.
This is usually the case with for example gaming consoles.
In short, if there is an alternative way for accessing a device on the LAN, for example by using a VPN or SSH, do so.
If there is no alternative make sure the client device is protected and has up to date firmware.
And finally make sure to change the default passwords for accessible devices!