Over 21,000 consumer-grade home security cameras are internet-accessible without any authentication, discoverable via Shodan with no technical skill required. No single CVE applies because the issue is a design pattern failure replicated across multiple unnamed vendors. For enterprises, the direct risk vector is remote workers whose home networks — containing these cameras — adjoin corporate VPN sessions.