There are at least a dozen Embedded Facial Recognition Systems online on the World Wide Web with a basic software flaw that allows anyone without credentials to browse the /images directory, download log files, and view enrolled images. These are not law enforcement systems, from what I can discern, rather access control devices at commercial and industrial sites. Many of the systems seem to be on dedicated IP blocks (inferred from searching Shodan for the IP’s ASN), and the owner of some systems can be gleaned from other devices on the network.”]
Source: http://blog.networkedinference.com/2017/05/directory-disclosure-vulnerability-in.html

