HIKVISION DS-2CD2042WD-I 4MP Lost settings now email broken!

[CK IP Camera]

Hi,
I've had the above camera for a while and its worked fine. Yesterday it stopped sending emails and showing live feed. I used SADP and it showed as inactive so I made it active and live feeds came back but it had lost all of its settings so email wasnt working.
I'm trying to re-enter the settings but I cant get email working. Test started with 'Failed to connect the test server' and I've managed to move this onto 'Testing failed' by changing the IPv4 Default Gateway to the same as my Router which I would think suggests the smpt server can now be reached. I did this because I had a new BT router a few weeks ago but the Camera worked fine with this up to yesterday.
I note from a previous post of mine that I had to disable SSL for my ISP but I've tried that both ways.
Any advice would be greatly received as this is driving me mad!!

 

[CK IP Camera]

Fixed it. I describe fix for any others coming across this post.
As mentioned above ISP (123Reg) doesnt like SSL so I disabled it BUT the Port needs to be 25 for this to work.
I'll backup this configuration ready for the next time it loses it's configuration!

 

[alastairstevenson]

I'll backup this configuration ready for the next time it loses it's configuration!

Does the camera have UPnP enabled, and is it enabled on the router also?
And what is the firmware version on the camera?
If UPnP is active, or port forwarding has been configured, and the firmware is 5.4.0 or earlier, the camera has the 'Hikvision backdoor vulnerability' and may be accessible from the internet and so would be vulnerable to being hacked.

 

[CK IP Camera]

Yes to all and only V5.3.3.
Whats the best action? Disable UPnP or upgrade firmware?

 

[alastairstevenson]

Whats the best action? Disable UPnP or upgrade firmware?

Most definitely disable UPnP in both camera and router.
When enabled, it lets the entire internet in to the camera.

But first it would be interesting to check inbound open ports.
Use ShieldsUp! and do the 'All service ports' scan, and then specifically port 8000 which is the Hikvision command&control port.

GRC | ShieldsUP! — Internet Vulnerability Profiling

GRC Internet Security Detection System

www.grc.com

Then after you've disabled UPnP, and restarted the router to flush the port forwarding, repeat the test.

upgrade firmware?

This would be a good move if that's not a Chinese camera (eg CCCH in the serial number).
The 5.4.5 or 5.4.41 have the backdoor vulnerability fixed.

DOWNLOAD EU PORTAL

www.hikvisioneurope.com

 

[CK IP Camera]

It's not a chinese model so I'll upgrade the Firmware.

The ShieldsUp! UPnP Internet Exposure Test gave:
THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
Does that mean there's any point in disabling UPnP? That would suggest it's safe to me.

All service ports' scan gave:
GRC Port Authority Report created on UTC: 2021-01-06 at 15:59:53
Results from scan of ports: 0-1055
0 Ports Open
1 Ports Closed
1055 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be OPEN.
The port found to be CLOSED was: 80
Other than what is listed above, all ports are STEALTH.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

 

[alastairstevenson]

THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
Does that mean there's any point in disabling UPnP? That would suggest it's safe to m

That's not relevant when the UPnP configuration problem is internal to your network.

The port found to be CLOSED was: 80

All ports should be stealthed.
That's the likely way in for the hack.

Did you test port 8000?

 

[CK IP Camera]

8000 was Closed

 

[alastairstevenson]

8000 was Closed

OK, that's good.

The port found to be CLOSED was: 80

You will see this disappear when you re-test after reconfiguring.
And the reset to defaults should not recur.

 

[CK IP Camera]

8000 Does go to Stealth now. Does that mean I can't access the camera remotely any more?

One thing I have found is that the updated HIKVISION app doesnt seem to have Export Config File any more even though it still has Import. Is it doing something clever like an autobackup whenever I change a config setting?

 

[alastairstevenson]

8000 Does go to Stealth now. Does that mean I can't access the camera remotely any more?

Presumably you mean port 80 is now stealth?
It means the hackers can no longer mess with the camera.
Were you accessing the camera web GUI from the internet?
'Port forwarding' is risky, best set up a VPN if you need remote access.
Check out How to Secure Your Network (Don't Get Hacked!)

the updated HIKVISION app

What app is that?
In the camera web GUI, you will be able to export the device parameters in the System | Maintenance menu.
Worth doing after a firmware update, as configuration file structures vary across firmware versions.

 

[CK IP Camera]

This is the system maintenance page in the Web GUI:

 

[alastairstevenson]

Information export / Device parameters

 

[CK IP Camera]

Port 80 was Stealth too.
Backup completed!
Many thanks for you help Alastair, it's much appreciated.