A flaw in a range of security cameras made by US firm Trendnet means that anyone with the correct URL can view footage from affected devices without a password.

As the BBC reports, the problem, first exposed online almost a month ago, means that armed with the correct IP address and URL structure, any of the vulnerable cameras can be viewed straight from a browser. To those who know how, the online device search engine Shodan can be used to locate susceptible cameras.

Trendnet says that it is rolling out new firmware for the affected models of camera this week, and that it had halted shipments of affected units to retailers. It blames the problem on a coding error introduced as far back as 2010. The company told the BBC that 26 models of camera and fewer than 50,000 units were likely to be affected in total – although that’s still a hefty number.

Trendnet admits to having been aware of the flaw for over three weeks and is yet to issue a formal statement to customers about it – something that its users who may have been spied on by curious Internet users probably won’t be too happy about.