cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera models allows remote attackers to obtain the administrator password via a list action.
Airlive IP cameras suffers from information disclosure, clear text storage of sensitive information, cross site request forgery, denial of service, and path traversal vulnerabilities.