This indicates the video compression format being requested. Motion JPEG compresses each frame of video individually as a JPEG image, which requires more bandwidth than H.264 but demands less processing power from the camera.
Administrators looking to monitor their cameras from outside the local network frequently configure port forwarding on their routers. Without strict firewall rules or Virtual Private Networks (VPNs), this exposes the device management port directly to the public web. The Risks of Exposed IP Cameras
Or for newer models or specific configurations:
This is the most important step. A network camera should rarely have a direct public IP. inurl axis cgi mjpg motion jpeg top
What he found was a single frame.
Google, Bing, and Shodan actively crawl the web. When they find an unauthenticated stream, they index it. Even if the camera is secured months later, the cached image or video still fragment may remain in search results, periodically leaking visual data.
Unlocking Network Surveillance: An In-Depth Guide to Axis CGI MJPG/Motion JPEG Streaming This indicates the video compression format being requested
A 2025 report found over 6,500 vulnerable Axis Device Manager and Camera Station servers exposed to the public internet, many belonging to major corporations and government agencies, giving attackers a central point of entry to entire surveillance networks.
This specific string is the URL path to an Axis network camera's Motion JPEG video stream. On many Axis cameras, accessing http://[camera-ip]/axis-cgi/mjpg/video.cgi directly delivers the live MJPEG video feed. In older firmware versions, this stream could be accessed without any authentication. A similar path, /axis-cgi/jpg/image.cgi , would return a single JPEG snapshot rather than a continuous video stream, providing another way for attackers to check if a live feed can be captured without authentication. The GitHub repository ofxIpVideoGrabber notes that "public cameras can be found with a google search like this: inurl:axis-cgi/mjpg (motion-JPEG)." This demonstrates that developers and researchers are well aware of the technique and have incorporated camera discovery into their software libraries.
For organizations using Axis cameras, the solution is clear: update firmware, disable anonymous access, implement network segmentation, enforce strong authentication, and conduct regular security audits. For security professionals and researchers, the dork serves as a reminder of the importance of responsible disclosure and ethical behavior. Discovering a vulnerable camera does not grant permission to view its feed—it creates an obligation to report the vulnerability to the appropriate parties. Without strict firewall rules or Virtual Private Networks
A similar Shodan search would be: "Axis" "mjpg" "200 OK"
This indicates the Motion JPEG video stream format. Unlike modern video codecs like H.264 or H.265, which compress video using temporal differences between frames, MJPEG compresses each video frame individually as a separate JPEG image. This makes it resource-intensive for bandwidth but highly predictable and easy for web browsers to render natively without external plugins.