Some background information. So this has been an ongoing thing that's been happening more often as of late. I work for a distributor and we've installed several different camera brands/models through the years. Depending on the system, we will set it up so it can be reached remotely through our own DDNS and port forwarding. We've never had any cameras with open ports have default passwords. As of late and at random with no pattern that I've been able to see, the passwords are getting changed on random devices on different systems. It will often be a singular camera that has its password changed, resulting in the NVR no longer being able to connect to it. The passwords aren't being defaulted as I still can't get in with default credentials.
If I were to guess, the cameras are being hacked. One thing that may dispute this is that it has happened on one of our older systems, where we did not do any port forwarding. The camera has never had access to public networks, but was still having the password changed. The customer locally was a farmer with no knowledge to change it himself, and without the means as he has his own user account without those permissions. How I usually fix this issue is to change the password to default with the Hikvision backdoor tool. Then get into the web interface, update firmware and default the camera and set it back up again, with a completely different password.
This takes me to my current issue. An LTS camera (3 years old) doing the same thing. It does have a non-default HTTP port and it is forwarded in the router. The issue I have is that I can't update the firmware. LTS sent us a camera with newer firmware than what is available on their website. I contacted them and they don't have the same firmware version anywhere. The LTS support person suggested reverting the firmware, but I have a strong superstition that doing so would brick the camera (let me know if this is accurate). Defaulting it alone isn't fixing the problem, as the password will be changed in around 2-3 days again. I'm wondering if anyone has any other ideas or solutions to possibly fix this. The only thing I'm thinking to do would be taking the port off the camera, in case it is getting hacked, and removing the forwarding info from the router. Another thing I have yet to look at is the logs in the camera, and I'm going to do that next time I can remote into a computer that's on site and update this post.
TLDR: Camera's password keeps changing, I can't update/flash FW and am not sure what else to do.