The Vilar IP Camera model IP-001A is probably the Monacor VWC-300PT camera under different branding. Even the manual uses the VWC-300PT header but refers to as the Vilar elsewhere! The Vilar IP-001A running firmware 18.104.22.168 has default administrative credentials:
After that click [ok] and then enter the administrator’s username as “admin” and the administrator password as “123456”.
There is also a stored cross-site scripting vulnerability in the /setup/user_account.html page. If you create a user (even with guest privileges) and use an XSS payload for the name, it will save ti and render it on subsequent loads (after it reboots the camera). The URL of this page is http://%5Btarget%5D/cgi-bin/action?action=loadpage&page=/setup/user_account.html&lang=eng but once you input the information it actually gets updated using the http://%5Btarget%5D/cgi-bin/action script. Example payload: