Edit: Two hours later I determined the cameras were hacked. They used some sort of exploit to access (possibly flash different firmware) my old DS-2CD cameras I purchased over 5 years ago which changed the time on the camera. Using Blue Iris, I pulled the data from the camera which showed the camera time changed to March 3 2018 (not 2019). I put that data into the Password reset tool on this site and was able to reset my camera to default password and login!!
Edit 2: Also found out UpNP was turned on by default (old firmware), so anyone searching my DDNS would see the Hiksvision camera in plain sight, even through the firewall. This is what made both cams of mine vulnerable.
Thanks for the information on this site, without it I would have thrown these fully functionary cameras in the trash. I'll be reading more to figure out how to secure my system and patch these cameras, thanks.!
"dead" isn't totally accurate. I am locked out of the admin login which says "invalid password" and "network error". Feed has stopped going to Blue Iris.
Both cameras on Blue Iris feed, I noticed one camera feed stopped 2 weeks ago completely randomly around 3am (DS-2CD2532F-IWS, v.5.20 build). I can see camera online still, try to login and cannot. I get a mixture of "invalid password" and "network error" responses from web page. SADP tool detects camera, can pull all the data from it but cannot change any settings due to invalid password. Eventually I remove the camera and factory data reset, after that I can no longer see the camera on my network (I think because the default IP is 192.0.0.64 out of the range of my network).
I replace the camera with a new DS-2CD2543G0-IS v.5.60 which works fine.
2 nights ago, my other old (DS-2CD2532F-IWS, v.5.20 build) in another location goes down in the same manner. I cannot login, a reboot doesn't fix.
The switch is a POE Linksys, none of my other POE devices have had any trouble. It's on a UPS and we've had no power issues in our new home. Are my cams being hacked? Could the POE be bad? Each camera has it's own dedicated IP via the Router DHCP. All cameras were working perfectly without hiccups before they randomly lock me out.
Thanks for advice, I'll keep skimming this forum for I am new here.
Edit 2: Also found out UpNP was turned on by default (old firmware), so anyone searching my DDNS would see the Hiksvision camera in plain sight, even through the firewall. This is what made both cams of mine vulnerable.
Thanks for the information on this site, without it I would have thrown these fully functionary cameras in the trash. I'll be reading more to figure out how to secure my system and patch these cameras, thanks.!
"dead" isn't totally accurate. I am locked out of the admin login which says "invalid password" and "network error". Feed has stopped going to Blue Iris.
Both cameras on Blue Iris feed, I noticed one camera feed stopped 2 weeks ago completely randomly around 3am (DS-2CD2532F-IWS, v.5.20 build). I can see camera online still, try to login and cannot. I get a mixture of "invalid password" and "network error" responses from web page. SADP tool detects camera, can pull all the data from it but cannot change any settings due to invalid password. Eventually I remove the camera and factory data reset, after that I can no longer see the camera on my network (I think because the default IP is 192.0.0.64 out of the range of my network).
I replace the camera with a new DS-2CD2543G0-IS v.5.60 which works fine.
2 nights ago, my other old (DS-2CD2532F-IWS, v.5.20 build) in another location goes down in the same manner. I cannot login, a reboot doesn't fix.
The switch is a POE Linksys, none of my other POE devices have had any trouble. It's on a UPS and we've had no power issues in our new home. Are my cams being hacked? Could the POE be bad? Each camera has it's own dedicated IP via the Router DHCP. All cameras were working perfectly without hiccups before they randomly lock me out.
Thanks for advice, I'll keep skimming this forum for I am new here.
Last edited:
