Why does THC Hydra and Medusa give false positives when used on TP-Link Netcam?


I am a university student who is doing a final year project on IoT device security within an isolated network.

One of the tests I carried out was brute forcing, I already knew what the username and password was for a factory resetted IP Netcam but wanted to see how it would work in practice and if it even worked on IoT devices.

The commands I used for both tools is as follows:

Medusa -h “IP address” -u “default login” -P Desktop/rockyou.txt -n 80 -M http

Hydra -l “default login” -P Desktop/rockyou.txt -e ns -f -V “Ip address” http-get

Hydra did seem to work fine on other devices and would attempt to go through the entire list. But for this TP-Link Netcam it seemed that both tools would just go partially through the lists and sometimes give multiple false positives within the few attempts made.

While I do not have access to these devices anymore to continue testing, I would atleast like to know if it was something I entered wrong? Or if the device has something that could potentially stop this?

Any insight would be greatly appreciated, thank you for your time.