Cameras appear in these search results due to fundamental cybersecurity oversights by owners and installers.

Because these devices are designed for local networks, manufacturers often neglect security hardening, assuming the device sits behind a firewall.

Many users never change the factory-set login (like admin/admin ), making them easy targets for automated scanners.

IP-камеры и как их найти в интернете - Habr

Security cameras found through this method are rarely the victim of sophisticated hacking. Instead, they are exposed due to common configuration oversights:

This technique isn't a new discovery. It's part of a larger field of "Google Hacking" or "Google Dorking," using search engines to find security loopholes and sensitive data on the web.

To view their cameras from a smartphone, users enable "Port Forwarding" on their router (usually forwarding port 80 or 8080 to the DVR/NVR). They then sign up for a Dynamic DNS (DDNS) address. Google crawls the web constantly; it finds these open ports and indexes the index.shtml pages.

Universal Plug and Play (UPnP) often automatically opens ports on your router to make the camera "easy" to access, but it also makes it easy for Google to find.

?cam=%3C%21--%23exec%20cmd%3D%22ls%20%2Finternals%2Fviews%2F%22%20--%3E