IPC-HDW5231R-ZE Rhea V2.800.0000016.0.R.200430 Latest new firmware

gbonny

n3wb
Joined
Jun 24, 2018
Messages
17
Reaction score
10
Location
Netherlands
Has anyone tried DH_IPC-HX5X3X-Rhea_MultiLang_PN_Stream3_V2.800.0000026.0.R.220822 on the HDW5231R-Z(E) yet?
Its downloadable from the Dahua download section HDW5431R-ZE. Readme says: Supported Devices: HX5X3X,HX4X3X
 

carteriii

Pulling my weight
Joined
Jan 8, 2016
Messages
146
Reaction score
156
Location
USA
Yes, I have been successful using that firmware on 3x HDW5231R-ZE as well as 2x IPC-HDW4831EM-ASE and one IPC-HDW4231EM-ASE (all of which provide the same download on Dahua's site). All were successful BUT . . . I always try to remember to stop BI from recording during an update (so the camera isn't trying to stream while updating at the same time) and reboot the camera before updating. I forgot to reboot one of the cameras before trying the update and coincidentally (maybe?) it failed. By "failed", I didn't get an error but after the device rebooted at the end of the process, it still showed the same old firmware version. So I tried again, and on the 2nd attempt (after the reboot) the firmware was applied just fine.

I did back up my settings files and I was prepared to import them or factory-reset & type everything in from scratch, but so far everything has been working fine without doing any factory reset.
 

Wael

Getting the hang of it
Joined
May 9, 2019
Messages
125
Reaction score
33
Location
California
I'm not seeing it in the Dahua section on this site. Has it been removed or do you have a direct link?
 

carteriii

Pulling my weight
Joined
Jan 8, 2016
Messages
146
Reaction score
156
Location
USA
What does this new firmware offer?
For me, it was security. My "Security Baseline" was V1.4, and this is V2.0. What does that mean? I don't know and I don't expect Dahua to tell us. Was it necessary to upgrade? Perhaps not, since nothing for me was broken. Previously I was running firmware over 2 years old, decided to try it on one camera, and it worked, so I kept going. That does not mean it's the right course of action for everyone.

I do think the web UI became a bit more stable, but I've seen nothing specific that talks about that. That's simply my subjective opinion.
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,428
Reaction score
47,549
Location
USA
For me, it was security. My "Security Baseline" was V1.4, and this is V2.0. What does that mean? I don't know and I don't expect Dahua to tell us. Was it necessary to upgrade? Perhaps not, since nothing for me was broken. Previously I was running firmware over 2 years old, decided to try it on one camera, and it worked, so I kept going. That does not mean it's the right course of action for everyone.

I do think the web UI became a bit more stable, but I've seen nothing specific that talks about that. That's simply my subjective opinion.
If your cameras are isolated from the internet, then updating security baseline means nothing. And always keep in mind that an update can do away with a feature you are currently using. We have seen autotracking be deliberately removed in an update and APIs change with an update, which is problematic for those that use it.

Firmware can get wonky after while and a simple factory reset can make the UI more stable.
 

gbonny

n3wb
Joined
Jun 24, 2018
Messages
17
Reaction score
10
Location
Netherlands
If your cameras are isolated from the internet, then updating security baseline means nothing.
It all depends on the definition "isolated".. but I tend to disagree here. It could mean "everything". >99% of the audience on Internet aren't network experts and aren't security experts either (I won't say I am one).

There are probably several commonly used libraries used in Dahua's firmware which are pretty vulnerable after two years. So when there are no ports forwarded (IPv4 NAT: either manually or via UPNP) from the Internet on your home router to your unpatched camera (could be a definition of "isolated"). Then someone (your dad/friend/etc) enters on the same network at your home, where your Dahua camera resides, with an (knowingly/not knowingly) malware infected device: it still can infect your unpatched Dahua camera locally. Off course this is only one scenario, you can think of several probably.

The chain of security is as strong as the weakest link. So I prefer and would advise to keep things up to date when possible, from a security perspective. But hey, who am I?! Everyone has to make his own choices off course..
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,428
Reaction score
47,549
Location
USA
It all depends on the definition "isolated".. but I tend to disagree here. It could mean "everything". >99% of the audience on Internet aren't network experts and aren't security experts either (I won't say I am one).

There are probably several commonly used libraries used in Dahua's firmware which are pretty vulnerable after two years. So when there are no ports forwarded (IPv4 NAT: either manually or via UPNP) from the Internet on your home router to your unpatched camera (could be a definition of "isolated"). Then someone (your dad/friend/etc) enters on the same network at your home, where your Dahua camera resides, with an (knowingly/not knowingly) malware infected device: it still can infect your unpatched Dahua camera locally. Off course this is only one scenario, you can think of several probably.

The chain of security is as strong as the weakest link. So I prefer and would advise to keep things up to date when possible, from a security perspective. But hey, who am I?! Everyone has to make his own choices off course..
So would you update the Dahua 49225 PTZ and accept losing the ability for it to autotrack as Dahua deliberately removed it with firmware updates? Hikvision did the same thing with their DS-2DEA425IW-DW PTZ. Hikvision removed the the ability for a plate reading camera to read USA plates, which is a big deal if you are in the USA.

I get what you are saying, but most here have their cameras on a completely separate IP address subnet thru either a VLAN or dual NIC setup. Someone can come in and connect to my internet and cannot access the cameras as they are not on the same network as my internet. No IP scanner tool will find the cameras. Further, nobody is connecting hard-wired into my system. If they connect, it is thru the guest wifi that is isolated.

These same people also do not have Alexa and other IoTs in their house.

When I say isolated, I mean thru either VLAN or dual NIC. Some will consider their cameras isolated from the internet if they have blocked their IP and MAC address in the router or implemented the parental controls feature in the router, but the cameras all have the same IP address subnet as everything else. Maybe in that scenario your hypothetical is correct.

But if there are no update notes on what is being provided in the update, it is wise to wait and see what others experience before taking that jump. We literally have dozens, if not hundreds, of threads started when people updated their 49225 PTZ and lost autotracking.
 
Last edited:
Joined
Aug 8, 2018
Messages
7,386
Reaction score
25,889
Location
Spring, Texas
It all depends on the definition "isolated"
That is true.

When I say my cam LAN is isolated from the rest of my LAN and the internet, it means that there is no physical connection from my cam LAN to the rest of my home LAN. There is no physical connection to the internet. I do not even have a WIFI connection to the cam LAN.

The only way for someone to access my cams is to enter my house and plug into a jack that is on the cam LAN. There is no way for my cams to access the internet or any part of my home LAN. There is no way for any person or IOT device on my home LAN to access the cam LAN.

For this reason, I do not update cam firmware to solve security issues.
 
Top