Triaging usefulness of older NVR and cameras

RyanMM

n3wb
Joined
Feb 4, 2020
Messages
12
Reaction score
1
Location
Detroit
I recently came into possession of a set of cameras and NVR from a client who had upgraded his whole system and had no use for the equipment.

I'm trying to determine if it's worth keeping for possible re-use or if the equipment should be scrapped entirely. My concern is that the equipment is pre-2017 Hikvision stuff with firmware versions prior to the discovery of vulnerabilities and I don't have any way to determine if these were grey market and can be safely upgraded to more recent firmware or not. I've tried to skim threads on how I could go about determining this but have struck out so far, so I'm hoping for some guidance.

The cameras are model DS-2CD2135F-IS. They have English and Chinese on their info labels and the firmware version installed on the cameras appears to be slightly older than what the label indicates:



Based on my understanding of the vulnerabilities, I would need to update to a newer firmware to be safe with these ones, but I'm unsure if I'll be able to safely update these without bricking them.

As for the NVR. It's model # DS-7716N-E4 / 16P and lists V3.4.80 build 160718 as the firmware on the device. No firmware is listed on the product label.



Is there any way for me to determine whether it will be safe to flash these with newer firmware? If so, what firmware versions am I best off with and where's the safest place to get that?

Any guidance would be greatly appreciated!
 

RyanMM

> The Hikvision company websites would be the place to look for firmware. Hikvision US | The world’s largest video surveillance manufacturer
I started there but for one, I couldn't find the exact model of my units represented.




They're close but I have no way to know if it will work on my units, and I don't want to brick something. I was hoping for some guidance for how I can determine whether these are gray model units, whether they are properly configured to use US firmware, whether or not I'm going to have an issue because the model numbers are not identical to what I'm seeing on the Hikvision site, etc.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,980
Reaction score
6,804
Location
Scotland
> the NVR. It's model # DS-7716N-E4 / 16P
That's a Chinese NVR, judging from the -N as opposed to the -NI suffix, and likely running modded firmware to give EN menus.
I'd expect a firmware update would give the '15 beep bootloop' brick result.

> The cameras are model DS-2CD2135F-IS
I do believe these are also Chinese cameras, again running modded firmware. Confirmation would be if the serial number contains the letters CCCH in the section just past your screenshot.
I'd expect a firmware update to be rejected, and you won't find a compatible version available online.

That kit is still perfectly usable as-is, in my view, despite being behind current standards, it's not that bad.
 

RyanMM

> That's a Chinese NVR, judging from the -N as opposed to the -NI suffix, and likely running modded firmware to give EN menus.
> I'd expect a firmware update would give the '15 beep bootloop' brick result.

> I do believe these are also Chinese cameras, again running modded firmware. Confirmation would be if the serial number contains the letters CCCH in the section just past your screenshot.
> I'd expect a firmware update to be rejected, and you won't find a compatible version available online.
>
> That kit is still perfectly usable as-is, in my view, despite being behind current standards, it's not that bad.
They say BBCH just before the string that seems to correspond with the serial # below the barcode on the pic above. What's that mean?

The fact the firmware on these predates the 5.4.5 build that resolved the password vulnerabilities isn't something you'd be concerned with in a commercial installation as long as the cameras are quarantined from access outside of the NVR VLAN?

Would your method in this thread be a doable one for this model NVR to at least get the NVR to newer firmware?
 

alastairstevenson

> They say BBCH just before the string that seems to correspond with the serial # below the barcode on the pic above. What's that mean?
I believe the CH in that string means they are Chinese cameras.

> The fact the firmware on these predates the 5.4.5 build that resolved the password vulnerabilities isn't something you'd be concerned with in a commercial installation as long as the cameras are quarantined from access outside of the NVR VLAN?
Agreed, provided also there are no internal attackers to be concerned about.

> Would your method in this thread be a doable one for this model NVR to at least get the NVR to newer firmware?
It would - if the 'bootpara data' is held in plaintext as opposed to being encoded. That could be readily inspected with a connection to the serial console.
Hikvision recognised the ease with which Chinese NVRs could be changed from Chinese language and region and implemented some rather messy coding to inhibit that simple tweak.
 

RyanMM

> I believe the CH in that string means they are Chinese cameras.

> Agreed, provided also there are no internal attackers to be concerned about.

> It would - if the 'bootpara data' is held in plaintext as opposed to being encoded. That could be readily inspected with a connection to the serial console.
> Hikvision recognised the ease with which Chinese NVRs could be changed from Chinese language and region and implemented some rather messy coding to inhibit that simple tweak.
Got it! Thanks, I'll see if I have any luck making a serial connection with this thing.
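
An added example, not part of the original posts and not Hikvision tooling: a small inventory triage that applies the heuristics discussed in this thread (the -N versus -NI model suffix, a ...CH marker in the serial, camera firmware older than 5.4.5). The serial layout (two letters plus CH ahead of the digits), the sample camera firmware string and serial, and applying the 5.4.5 threshold to cameras only are assumptions.

```python
import re

FIXED_CAMERA_FW = (5, 4, 5)  # build the thread cites as resolving the password vulnerabilities

def parse_firmware(text):
    """'V3.4.80 build 160718' -> ((3, 4, 80), '160718'); the build part is optional."""
    m = re.fullmatch(r"\s*V?(\d+)\.(\d+)\.(\d+)(?:\s+build\s+(\d{6}))?\s*", text, re.I)
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4)

def china_region_hints(model, serial=""):
    """Heuristics taken from the thread, not an official decoding of model/serial."""
    hints = []
    compact = model.replace(" ", "").upper()
    # NVR family suffix: -N as opposed to -NI
    m = re.match(r"DS-\d+(NI|N)-", compact)
    if m and m.group(1) == "N":
        hints.append("model suffix -N rather than -NI")
    # Serial marker such as CCCH or BBCH (assumed layout: 2 letters + CH, then digits)
    s = re.search(r"[A-Z]{2}CH(?=\d)", serial.upper())
    if s:
        hints.append(f"serial contains {s.group(0)}")
    return hints

def triage(kind, model, firmware, serial=""):
    version, build = parse_firmware(firmware)
    hints = china_region_hints(model, serial)
    actions = []
    if hints:
        # Thread expectation: update rejected (cameras) or boot loop (NVR)
        actions.append("do not flash stock regional firmware")
    if kind == "camera" and version < FIXED_CAMERA_FW:
        actions.append("keep isolated on the NVR VLAN")
    return {"model": model, "version": version, "build": build,
            "china_hints": hints, "actions": actions}

if __name__ == "__main__":
    inventory = [
        # NVR values are from the first post; the camera firmware and serial are constructed.
        ("nvr", "DS-7716N-E4 / 16P", "V3.4.80 build 160718", ""),
        ("camera", "DS-2CD2135F-IS", "V5.3.0 build 150513",
         "DS-2CD2135F-IS20150101BBCH000000000"),
    ]
    for row in inventory:
        print(triage(*row))
```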
 