Inurl Indexframe Shtml Axis Video Server Install Here

The indexFrame.shtml page is a default web page that comes with Axis video servers. It provides a user-friendly interface for configuring and managing the video server. The page is typically accessed by navigating to the IP address of the video server in a web browser, followed by /indexFrame.shtml. For example, if the IP address of the video server is 192.168.0.100, you would access the indexFrame.shtml page by typing http://192.168.0.100/indexFrame.shtml in your browser.

: This is the recommended Windows tool for detecting and assigning IP addresses to new Axis devices on your network.

Manual Assignment: Alternatively, you can use the AXIS IP Installer

In a pentest, the indexframe.shtml exposed device was found on the same subnet as a Windows domain controller. By exploiting an unauthenticated firmware upload vulnerability (CVE-2010-2573), the pentester installed a custom binary that beaconed out, leading to full domain compromise.

If you find your organization’s devices appearing in such dorks, act immediately.

curl -u root: "http://target/axis-cgi/param.cgi?action=list"

: Hackers and curious web-surfers discovered that by searching for this specific URL part (inurl:indexframe.shtml), they could bypass the need to know a camera's IP address. Google had already crawled and indexed thousands of these private interfaces.

| Risk | Description |
|------|-------------|
| | Live video from offices, warehouses, labs, or homes can be viewed by anyone. |
| Network pivot | The video server can be used as a foothold into a corporate network (many are dual-homed or have firewall exceptions). |
| Permanent backdoor | Attackers can add hidden user accounts, enable SSH, or install custom scripts. |
| Botnet recruitment | Unsecured Axis devices have been used in IoT botnets (e.g., Mirai variants targeting Axis video encoders). |
| Physical surveillance | An attacker could monitor security personnel movements, entry codes, or restricted areas. |