Tools like nmap with the http-shtml-vuln script (part of nmap-vulners ) can detect remaining instances:
: Modern routers and cameras often have UPnP disabled by default to prevent accidental exposure. view index shtml camera patched
