If the video server is misconfigured (e.g., allowing HTTP instead of HTTPS), credentials sent during login can be intercepted via man-in-the-middle attacks. Even the presence of a login page tells an attacker that the system exists, and they can attempt brute-force or password spraying attacks.
Executive Summary * Team82 has disclosed four vulnerabilities in Axis Communications' popular line of video surveillance products. inurl indexframe shtml axis video server top
The search term inurl:indexframe.shtml axis video server is a common "Google Dork" used to find the web management interfaces of legacy Axis Video Servers If the video server is misconfigured (e
Subscribe to Axis’ security advisory list. Update at least annually or when a critical CVE is announced. Axis provides a "Firmware" tool to automate checks. allowing HTTP instead of HTTPS)