Understood, I needed to make sure that the device is still accessible from M2Web, because if it was not, that would be an entirely different issue.
So as I understand it, the link or iframe in your application is what no longer works due to, what I am guessing was, a browser update that resolved a cross-site scripting vulnerability? Have you tested different browsers (if you are using one)? Do you have any more info about this update that broke the functionality?
If this is the case, I may have to consult with web development to see if there is a new method to embed or forward a VNC session.