In a statement, Xiongmai said hackers were able to hijack hundreds of thousands of its devices into a botnet because users had not changed the devices' default passwords.
The botnet then flooded Dyn's servers with traffic, which led to its systems overloading and failing. Websites that relied on Dyn's managed domain name system, including Reddit, Spotify, and Twitter, appeared offline.
But the company rejected claims that its devices made up the bulk of the attack.
"Security issues are a problem facing all mankind," the statement said. "Since industry giants have experienced them, Xiongmai is not afraid to experience them once, too."
The company confirmed that it will recall some of its older products sold in the US made before April 2015 in an effort to improve its password functionality.