From here, an attacker could download the configuration file via: http://[IP]/axis-cgi/admin/param.cgi?action=list
IT professionals use these "dorks" to see if their own company's equipment is accidentally exposed to the public internet. inurl indexframe shtml axis video server new
In 2022, a search using inurl:indexframe.shtml revealed over 1,200 Axis cameras in a European country’s transportation system – all with default passwords. The researcher reported it, but not before logs showed unauthorized access from foreign IPs. From here, an attacker could download the configuration