IPC-HDW5231R-ZE Rhea V2.800.0000016.0.R.200430 Latest new firmware

Dramus

Pulling my weight
Joined
May 7, 2019
Messages
323
Reaction score
229
Location
New Jersey
It may have been in this thread that I noticed the firmware files Andy had a link to and a member, were not of the same size.
Precisely my point.

Not that I don't trust @IAmATeaf or suspect he'd purposely post wonky firmware, but stuff happens. E.g.: I've had Firefox partially download stuff with no warning the download didn't complete properly many times over the years, over several versions, on multiple platforms. All it would take is something incomplete or with some corruption, coupled with poorly-coded update firmware, and you'll have a brick.

I, as well as others, have said this before and it is worth repeating:

A common theme around here is don't fix what ain't broke.
Indeed. Though I do somewhat disagree with this point:

If your cameras are isolated from the internet, you do not need to run any firmware updates to the camera that come out as a result of a security patch.
That is arguable. I expect you'll find very few network security types--those who eat, sleep, and breath network security, to agree with that position.

NO network security type worth his/her/other salt would ever suggest any network they manage is bullet-proof. We (and I use "we" because that's one of the things I used to do for a living) always assume there are vulnerabilities of which we're not aware. Places we've slipped up. And that somebody out there will find and exploit those weaknesses. Thus people like us are not inclined to let known vulnerabilities exist if we can avoid it.

That being said: I've been slowly upgrading my v05 firmware to v16 - letting it "cook" a month or so, at least, in each camera before moving on to the next--primarily because my cameras with v05 have been fairly regularly spontaneously rebooting themselves ever since I configured-in tripwires and intrusion zones. v16 seems to mostly end that behavior.
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,433
Reaction score
47,556
Location
USA
@Dramus - I am certainly not claiming to be a network security expert, but please elaborate on how a camera that is isolated from the internet (like in a dual NIC system or VLAN) is a real risk? Are you implying it is the same risk as port forwarding, P2P, UPnP?

The main risk of camera breaches is to use one's internet as a DoS attack or get into your network to steal banking info, etc., so if they have got past the router and computer with active current antivirus protection (assuming the owner hasn't also blasted a hole through with port forwarding or some other insecure method), they are into your network at that point and whether the camera is secure or not is a moot point. Port forwarding blasts a whole through the router and then relies on the security of the device the port forward is going to and these cameras have shown to have poor security measures in place. Ironic isn't it.

The whole premise of blocking cameras from the internet is to prevent an easy way for the cameras to phone home and to prevent someone from exploiting the security vulnerabilities of the camera to use your internet for ill intent.

It is allowing the cameras access to the internet that allows this to happen:


And how does that happen? Because our government forbid government agencies from using Chinese brand cameras like Dahua and Hikvision because the government believed they could be used to be spied on by the Chinese government (and that part may be true), when in fact they should have been looking at what the real issue is, and it is that allowing cameras easy access to the outside world as that provides the same risks and will be same regardless of who makes a camera. Cameras need to remain off the internet, only allowing access through devices that have more recent security and antivirus protections in place than the firmware of the camera.

Can VPN be hacked....probably...as easy as the security in a surveillance camera...I doubt it.

An ideal system would truly be CCTV with ZERO way to access it from the outside - no common computer than is connected to the internet - truly a closed system. And sure anything connected to the internet can be breached, but short of true complete isolation, isolating the cams from the internet via VLAN or Dual NIC systems and additional measures (like also blocking their IP or MAC in the router as an example) and VPN into the system when away is A LOT more secure than simply plugging your cameras into a router and giving it unrestricted access to the internet and port forwarding to see the cameras when away from home.

So please elaborate and tell us how to be more secure as that is what we all strive for on here and to learn from others. If you have a better and more secure way than many here are doing, we would love to hear about it....
 
Last edited:

IAmATeaf

Known around here
Joined
Jan 13, 2019
Messages
3,287
Reaction score
3,252
Location
United Kingdom
For me personally, v16 is the best of a bad bunch for me with IVS enabled. I’ve tested and compared the last 3 releases on my cams.
 

Dramus

Pulling my weight
Joined
May 7, 2019
Messages
323
Reaction score
229
Location
New Jersey
@Dramus - I am certainly not claiming to be a network security expert, but please elaborate on how a camera that is isolated from the internet (like in a dual NIC system or VLAN) is a real risk? Are you implying it is the same risk as port forwarding, P2P, UPnP?
I'm not implying it's the same risk as anything. What I am asserting is that it is undeniably true that neither you, I, nor anybody can possibly know of all the threats that exist on our networks, thus it is arguably wise to eliminate all threats of which we are aware.

One day I was sitting out back in the lab area working on some-or-another bit of software. At the time I was still dividing my time between software engineering and system administration. One of my software engineering colleagues wanted me to allow some-or-another access to the network--I no longer recall what--and didn't see the harm in it. I pointed out to him that, yes, what he wanted seemed innocuous on the face of it, thought about it, and explained to him how that "innocuous" thing, coupled with a couple other innocuous-looking things, each of which he agreed were equally innocuous, could result in the three being "chained together," so to say, to create a breach. He was literally speechless for a moment. "I never thought of it that way," he replied.

He never questioned my edicts after that ;)

So please elaborate and tell us how to be more secure as that is what we all strive for on here and to learn from others. If you have a better and more secure way than many here are doing, we would love to hear about it....
Heh. I guaran-fracking-tee you the vast majority of users here would not be inclined to follow my security stance


Let me give you a very small taste that can't, or shouldn't... uh... cause trouble here, because the protocol is Officially Dead (and Thank God!): Adobe Flash. No device has ever existed on my home network with Flash on it. At least not any longer than it took to delete it. When I was still the BOFH at work (Bastard Operator From Hell - for those who don't know the Internet lore: Look it up) I successfully campaigned to have it utterly banned from the corporation's PCs and to have our corporate web site re-designed to eliminate it.

Let me make something clear: I'm not asserting my network security is any better than yours or anybody else's here. All I'm saying is we have different views as to what constitutes wise network security policy and that, in this particular aspect, that being the wisdom of updating devices known to have vulnerabilities, I believe few, if any, network security professionals would disagree with my stance.

Would I have updated my perfectly-functioning Dahua cameras for security vulnerabilities which probably wouldn't have been a threat to my network? Dunno. I was still debating with myself about it when the question became moot.

@Dramus a few users have reported restart issues with v16.
Yes, I know.
 

sjamieso

Young grasshopper
Joined
Dec 13, 2017
Messages
54
Reaction score
19
Good morning, I have been updating the firmware of my HDW5231RZ starlights this morning, but when it csame to do my bullet camera and mini-dome and (dual mini dome) they would not display the model number in the config tool, or the IP camera login page under general. Ii just says "IP Camera" where it is supposed to say model number.

The other cameras updated to the newer firmware and started to display their model number.

I was trying to search by firmware as well to see what it might be assigned to with no luck.

Here are the 8 camera firmware versions I have;

ip camera.PNG
Short of dis-mounting my last 4 cameras to establish if they are even compatible with the firmware update, does anyone have any suggestions?

Any pointers would be great, first time upgrading firmware as Andy indicated it was an important security update so I want to so it right, so far so good.
 

Dramus

Pulling my weight
Joined
May 7, 2019
Messages
323
Reaction score
229
Location
New Jersey
I've added an MD5 has string to my post where I uploaded the v15 bin, should help to confirm that the file has successfully downloaded correctly.
Would be nice if we could get MD5 hashes from one or two others, who acquired their binaries from Andy or elsewhere, for verification.
 

Juristo

n3wb
Joined
Sep 28, 2015
Messages
11
Reaction score
2
Where can I find 13 and 15? I check the earlier thread and it seem the file drop box is deleted
I need these too. 16 reboots my cameras and reverts the sub steam back to default settings at least once a day. That and I it keeps trying to dial back to China.

Has anyone successfully put the Amcrest firmware on the IPC-HDW5231R-ZE?
 

IAmATeaf

Known around here
Joined
Jan 13, 2019
Messages
3,287
Reaction score
3,252
Location
United Kingdom
I need these too. 16 reboots my cameras and reverts the sub steam back to default settings at least once a day. That and I it keeps trying to dial back to China.

Has anyone successfully put the Amcrest firmware on the IPC-HDW5231R-ZE?
How many cams do you have that are randomly restarting? None of mine restart, I did reset them to default a number of times after applying the firmware.

The substream resetting I have with all of my cams, so substream 1 resets to default and substream 2 becomes disabled.
 

juliand

Getting comfortable
Joined
Apr 9, 2019
Messages
386
Reaction score
565
Location
S.E.Fla.
Glad I stayed with this version for the 2 I have. works fine here..

V2.800.0000013.0.R, Build Date: 2019-12-02
 

Dramus

Pulling my weight
Joined
May 7, 2019
Messages
323
Reaction score
229
Location
New Jersey
I have never had either the main stream nor sub-stream 1 reset, on any of our Dahua cams, any firmware revision, with our Synology Surveillance Station NVR.
 

Juristo

n3wb
Joined
Sep 28, 2015
Messages
11
Reaction score
2
How many cams do you have that are randomly restarting? None of mine restart, I did reset them to default a number of times after applying the firmware.
Two out of five reset regularly. I downgraded to v15 today though which seemed to solve the substream persistence issue. Now I don't really care if they reset since I won't have to reconfigure them each time.
 

IAmATeaf

Known around here
Joined
Jan 13, 2019
Messages
3,287
Reaction score
3,252
Location
United Kingdom
I have never had either the main stream nor sub-stream 1 reset, on any of our Dahua cams, any firmware revision, with our Synology Surveillance Station NVR.
For me with v16 if you change any of the properties on substream1 or enable substream 2, after a restart, substream 1 has reset back to default values and substream 2 is disabled.

All 6 of my 5231-ze cams do this as I’ve tested this on all. I used to use the 720p substream on substream 2 but now have set BI to just use substream 1 in case the cam ever reboots by itself.
 

Dramus

Pulling my weight
Joined
May 7, 2019
Messages
323
Reaction score
229
Location
New Jersey
For me with v16 if you change any of the properties on substream1 or enable substream 2, after a restart, substream 1 has reset back to default values and substream 2 is disabled.
Well day-um :(

I just tested the two 5231s I upgraded to v16, and damned if you aren't right: Configure substream 1, reboot the camera, and bam: Right back to default values. Not very handy.

@EMPIRETECANDY: Any chance you can persuade Dahua to fix this bug and do a new release?
 

IAmATeaf

Known around here
Joined
Jan 13, 2019
Messages
3,287
Reaction score
3,252
Location
United Kingdom
If they are going to fix this then also substream 2 being disabled on restart, if that could also be fixed
 

holiday

Pulling my weight
Joined
Sep 12, 2018
Messages
273
Reaction score
182
Location
Having a holiday
ok so... i didnt update.. so no issues for me! :D


Code:
Device Type
IPC-HDW5231R-ZE
System Version
2.622.0000000.31.R, Build Date: 2018-08-13
 

alekslyse

Getting the hang of it
Joined
Dec 15, 2017
Messages
135
Reaction score
45
I can report the same issue on 16 - substream 1 reset and substream 2 reset / disabled. A huge problem for AI / face / object detection that should not use main stream
 
Top