Grey Market Hikvisions on 5.25 and PCNVR

nambi

Getting the hang of it
Jul 2, 2014
101
3
I have grey market cams many are different versions but I have about 20 of them they are on 5.25 and I have been using them with PCNVR (discontinued) I didn't open ports in the firewall except to the PCNVR software.

Knowing that that this old FW is hackable I would like to update them but they are grey market. Chinese versions (ali express purchases).

If I run them into PCNVR am I safer? I only open the port to PCNVR and therefore the cams are not accessible to the net directly.

Are there known security flaws in hikvision PCNVR.

Some people claim they put English FW on some grey market Hik's without issues I may try it on one to see, but if I'm more protected using PCNVR then I may not try,

If I use Blue Iris latest with these am I then protected since it's the NVR software exposed to the net instead of the vulnerable cams themselves.
 
Last edited:
If I have UPNP disabled would I still need to be concerned with my current setup?
 
Look you can update the chinese grey market with the upgrade tool process above.

Its a bit of work even for us IT guys.

If your Modem and NVR and Cameras all have UPnP turned off and no port forwarding it is safer.

But what I did after being hacked and losing the admin access twice was use a modem with a VPN server capability.

So I turned everything off upnp port forwarding and the only way I can access my network is via VPN into the modem and the access device needs the certificate to access.

The safest thing is connect your cameras to the NVR and then dont connect that network to your modem/ internet.

Your pretty safe if you do that.

Else VPN and you could live with old firmware.
 
OK Thanks

Right now I have my UPNP turned off on my routers, I have VPN access to but I have always left the port open to the Hik PCNVR because to view was easier.

I can't access the cams directly I need to view them from the NVR.

I haven't found any documentation about security flaws in Hikvision PCNVR 1.03.06.02 this would be where my outside connection and port is forwarded to.

I'll try to update a few cams but they are all mounted, if I run into problems I assume I will need to unmounted them. I'll try the ones I can access the easiest.

when you want to view the cams on your phone do you use vpn on your phone connect then connect to the cams?
 
Look i would disconnect the port forward.

Since you already have vpn, then make it a 2 step process to vpn into remote network and the ivms or web port 80 to the nvr.

You can get to the cameras via feature "virtual host" bit of mucking around but some threads here on connecting to cameras with nvr, and I posted one for VPN to network and cameras.

I openvpn from my phone and then im on the local network to connect direct via ivms or tinycam.

rgs
 
ok thanks for the advice.

Tried to update one of my cams through the web interface it locked up I was able to reboot it via PCNVR and it is back to normal same old FW. I may try again via PCNVR since there is an update through it but since it's grey market not sure if I want to bother, I may just make it unusable when it's working right now .
 
the only reason i did the brick fix update was to get gmail email working with release 4.5 i think it was.

many people have done it. its not insignificant but the guys have done a good method detail.

i did 3 grey market cubes and gave me gmail back and got rid of the vunerability.

If you have a vpn as ONLY access id feel pretty safe if you leave them with old versions.
 
  • Like
Reactions: alastairstevenson