When such URLs are publicly accessible without authentication, the following information can be exposed:
http://203.0.113.45/view/index.shtml?cctv_work=1
A typical result might look like:
http://xxx.xxx.xxx.xxx/view/index.shtml?cctv_work=live
Or:
https://security-server.local/cctv/work/view/index.shtml
These URLs commonly belong to:
To enable remote viewing, users or technicians frequently enable UPnP on their routers, or manually set up port forwarding. This maps the internal IP of the camera directly to the public internet, exposing the index.shtml page to the global IPv4 address space.
Create a /robots.txt file with:
User-agent: *
Disallow: /view/
Disallow: /cctv/
Disallow: *.shtml
However, robots.txt is a polite request, not a security control.