Many of these cameras rely on deprecated plugins:
However, some cameras use simple MJPEG streams that load directly in Chrome or Firefox, meaning the vulnerability is still exploitable today.
These are parameters passed to the surveillance software.
When combined, inurl:viewerframe mode motion fixed is a search query that tells the search engine: "Find me every webpage that has 'viewerframe' in its URL and contains the text 'mode motion fixed' on the page."
This is the smoking gun. viewerframe is a specific file name or directory structure associated with older web-based CCTV and IP camera interfaces. Manufacturers like Trendnet, Foscam, Linksys, and various generic "no-name" DVR systems used this string to name their video streaming pages. If you see viewerframe in a URL, you are almost certainly looking at a live video viewer page.
Unscrupulous individuals use this string to find vulnerable cameras for:
Important Legal Warning: Accessing a camera without the owner's explicit permission is illegal in most jurisdictions under computer fraud and abuse laws (CFAA in the US, Computer Misuse Act in the UK). This article is for educational purposes only.