Hikvision camera admin password reset tool

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
13,877
Reaction score
5,031
Location
Scotland
I am not overly worried as its just a shot of my garage and nothing exciting happens there..
But - a hacked camera provides quite a neat foothold into your LAN, and all the devices and data on it.

But I am surprised anyone can connect to it as I am behind a NAT firewall have no open ports to my cameras
I'd be willing to bet that UPnP is enabled on the camera(s) - it used to be by default.
And that UPnP is enabled on your router.
That combination allows the camera (or other devices) to instruct the router to open ports inbound without your knowledge.

So are there any known hacks which allow someone to hack into the DVR and change the Camera passwords?
Plenty.
A common one is the 'Hikvision backdoor' which exists in firmware versions 5.4.0 or earlier.

A bit worrying really how they can explot a hack on the cameras when I don't have "routes" (atleast not directly) to them from the Internet.
You will - you just don't know it.
Before making changes, check with Shields Up"!
Use the 'all service ports' scan, and also check port 8000.
 

Jweaver

n3wb
Joined
Apr 14, 2016
Messages
23
Reaction score
1
I'd be willing to bet that UPnP is enabled on the camera(s) - it used to be by default.
And that UPnP is enabled on your router.
That combination allows the camera (or other devices) to instruct the router to open ports inbound without your knowledge.
I edited my post after writing it.. Looked at the UPnP settings on my router and had several ports to my IP Cameras open.. I have never trusted UPnP for this very reason and I am not sure why I turned it on, as I open my ports manually..

But that said, uPNP or not, my DVR is on the public internet (but using a random port) and its only running fw3.3.3 (Its fairly old and I didn't think there were any updates), so I guess this is a bad situation...

For now uPNP is off globally!
 

Jweaver

n3wb
Joined
Apr 14, 2016
Messages
23
Reaction score
1
I just looked at the cameras and whilst the DVR is using a random Port, the cameras are 8000.. I just tried to change them and the GUI is a bit of a mess.> You can't set manual unless uPNP is on.. And when you do you can change the port, and save.. But it goes back to 8000 again.. So I don't know how to change the port on the camera.. And whether there is still a risk now I have uPNP disabled on them (and globally on the router too)
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
13,877
Reaction score
5,031
Location
Scotland
What did Shields Up! show as open inbound?

Worth stating is that obscuring the ports doesn't provide a lot of protection over leaving them as standard.
If you look at inbound probes you'll see they cover very wide ranges.
 

Ironside69

Getting the hang of it
Joined
Feb 20, 2020
Messages
104
Reaction score
17
Location
Trawler Town
When I click on "Get User List" a box comes up saying "the remote server returned an error (404) not found.
 

octav

n3wb
Joined
Feb 10, 2021
Messages
1
Reaction score
0
Location
romania
Hello, I have the DS-2CD2032-I20140715CCWR472070689 camera with Firmware version V5.4.41 build 170312, my problem is not the administrator password but the security code in this case ABCDEF which is not supported by HILOOK online with the following message: weak verification code is not allowed to add devices. Change the device verification code to a more powerful one. or the firmware version that is actually and last does not allow me to change the current decode code. Please help change it. Thanks!
 
Top