On vulnerable "fixed" firmware, the systemtime.cgi allows NTP server injection. A manual HTTP request like: http://[IP]/axis-cgi/systemtime.cgi?action=set&ntp=1&ntpServer=;reboot; Will instantly restart the device. More dangerous commands can retrieve the shadow password file.
: Targets the specific web page used for the camera's control interface. inurl+indexframe+shtml+axis+video+server+fixed
: Often refers to "fixed" position cameras (as opposed to PTZ/Pan-Tilt-Zoom) or specific firmware status markers. Exploit-DB 2. Critical Recent Vulnerabilities (2025-2026) On vulnerable "fixed" firmware, the systemtime