Hikvision Cameras Defaulting? [Upnp Facilitating Hacks]

Undisclosed Integrator #1

Hi, We seem to have certain sites of ours with Hikvision cameras just resetting to factory defaults? Has anyone seen this themselves?

So far three sites this week? It’s only just started to happen. We upgraded the f/w and reset the admin password,reset the IP to what is required, but they drift back to factory default? VMS is Milestone

[IPVM Note: After this discussion and suggestions provided, integrator followed up:

Hi, Issue found - firmware level is lower than required to prevent these hacks as suggested. Also uPNP was on so they were in effect available on the internet.. We tested and proved remote access to the camera with no human entered port forwards

All locked down now.

]

Login to read this IPVM discussion.

Why do I need to log in?

IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Undisclosed Integrator #2

10/17/17 09:24pm

**** ******** *** *** ******** **?

Undisclosed Integrator #1

In reply to Undisclosed Integrator #2 | 10/17/17 09:33pm

* ***’* **** *** ***** ******* * *** **** **** out, **** * ***** ** *** **** ** **** ** it “*** *** ******* *** *** *** *******” :)

Undisclosed Integrator #2

In reply to Undisclosed Integrator #1 | 10/17/17 09:54pm

******** **** ** *** ** ***** **.*.* *** ***** *** port ********** ***** *** *** ****** ** **** ****** ***** hacked *** *** ** ****** *******.

Undisclosed Distributor #5

In reply to Undisclosed Integrator #2 | 10/18/17 02:28pm

**** *** ******* ** ** **** * ****, ****** ***** my **** *****. ******* ** *** ** ***** ** **** fw *******

Undisclosed Integrator #2

In reply to Undisclosed Distributor #5 | 10/18/17 02:52pm

*** ****** ***:

** ******* *** ****** ****** *** ** ******* *** ******/*****. It *** **** ******** ** *** ***** ******* ** **** his ****.
**** * **** ** *******. ** *** ** ******* ** FW **** **** **.*.* *** **** **** **** ********** ***** for *** ****** ** ** ********** ** *** **** ****** exploit. ***** *** * ***** *** ********.

Jonathan de Chateau

In reply to Undisclosed Integrator #2 | 10/18/17 02:57pm

******* ******* *** ** * *** *** ***** *** *** coming ****, ***** *****

Undisclosed #3

10/17/17 09:32pm

*** *** ******* ********** **** ********?

Undisclosed Integrator #1

In reply to Undisclosed #3 | 10/17/17 09:43pm

****** * ******, ********* ******.

Undisclosed #3

In reply to Undisclosed Integrator #1 | 10/17/17 09:54pm

*** *** ******* ******** ********** *** ** *** ******** ** all ** *** **** ****?

** ** ****** ********* *****'* **** ******** ** ** **** it *** **** *** ******* ********** *** ****, * *** wondering ** ******* **** ** ***** **** ** ****. *** there **** ******** ** ***** ** ****** *** ******* ****** the ******? ***** ** *** ******** ******* ** **** ** recent ****** ** **** ************* ******* *** *** ****** ***** that **** ******* ***** ********.

Undisclosed #4

In reply to Undisclosed Integrator #1 | 10/18/17 12:24am

** **** ****** ******* ** ******** ******?

Undisclosed Integrator #1

In reply to Undisclosed Integrator #1 | 10/18/17 07:41am

******** **** *** ** ********. * ****** ** *** ******* have **** *******?

Undisclosed #3

In reply to Undisclosed Integrator #1 | 10/18/17 07:49am

** ****'** ************ ******* *** ****** *** **, ******* **** from *** ****** **********. *'* *** **** ** **** **** with **** *******, *** **'* **** ********.

John Scanlan

IPVM | IPVMU Certified | In reply to Undisclosed #3 | 10/18/17 02:12pm

** ******* ** ***** **** *** ******* ***. ********/***** **** ****** *** ******* ** *******, ***** *** ***** models *** ***.

Undisclosed Distributor #5

10/18/17 12:22pm

**** ***** *** *** ***** **** ***?

** ** ** *** **-**********-* *****, ** **** *** ***** where *** **-**** *** ****** *** *** *** *** **** upside ****. **** ****** *** ****** ** **** ** *** reset ****** *** ******* **** *** *** **********

Undisclosed Manufacturer #6

In reply to Undisclosed Distributor #5 | 10/18/17 01:22pm

** **#*,

* **** ******* *** ** *** ***** *** *** *** is ************, *** *** *** *** ** **** ****** **** without ******** ** **** *** *****? **** *** ****** ** the *** ****'* ******* ** *** ****** ****** ** **** sides.

**** *** ****** *** * ******* ** *** **-****. ** upside ****, ******'* *** ******* ** *** ** *** ***** button *** *** ******* **?

** ***** ** **-**********-*.

Undisclosed Distributor #5

In reply to Undisclosed Manufacturer #6 | 10/18/17 01:45pm

*** ****'* *** ***! *** *** *** **** ** **-******* in *** ***, *** *** ****** ** *** *** *** be *** **** *** ***** ***. *** ** *** *** a *******, **** **

Undisclosed Distributor #5

In reply to Undisclosed Manufacturer #6 | 10/18/17 01:48pm

* **** **** ********* **. *** ***** **** *** **** be ******* ** *** ***, *** ****** *** ** **-******* the ***** ***

Undisclosed Manufacturer #6

In reply to Undisclosed Distributor #5 | 10/18/17 01:56pm

** **** ***** * *** ** ***** ***. *** ** try ** ** ****** ** *** ** * *** ********* this *****.

Undisclosed Manufacturer #6

In reply to Undisclosed Distributor #5 | 10/18/17 02:39pm

**** *** ***** ** **********.

******* * **** ** *** ******* ** **** ****** ***** they ******* *** ****** ** **** *** *** "******" ** the ****** *** ** *******, **** ***** *** ******* ** the ****** ** ********* ** **-**** *** ***** ******. **** are ******* ** * **** ******* ** *** *** ******* and **** *** ** *******. ********, *** ******** ** *** lit ** ****** ** *** **** **** *** ***.

** ********** **, *** ******* **** ***** *** ******* ***** design. * ***'* ***** *** *** ***** ********* **** *****.

Undisclosed Distributor #5

In reply to Undisclosed Manufacturer #6 | 10/18/17 02:56pm

** ******** ******** * ******** ** *** ****** ** *****, also * ******** *****, *** ***** *** *** ***** *** rectified. **** ** ******!

Undisclosed Integrator #7

10/18/17 03:05pm

* *****'* *** ********* ******* ** ******* *** * ******** to **** * ***** ***** **** * ********* ******* ********* to ** ***** ***. ******** * ****** **** *** **** through *** *** ** *** ********* ****** ** ***** ***** away. **** ** ** ******* ***** ***** *** ******* *** recording ** *** *** *** **** ****** ** ***** ** a ******* ***** * ******* ***** ** *** * **** time *** **** ******* ** *** ****** ******.

Undisclosed Integrator #1

10/18/17 04:58pm

**, ******* ****** ***** *** *** ******..

Undisclosed Integrator #1

10/18/17 05:41pm

**, ***** ***** - ******** ***** ** ***** **** ******** to ******* ***** ***** ** *********. **** **** *** ** so **** **** ** ****** ********* ** *** ********.. ** tested *** ****** ****** ****** ** *** ****** **** ** human ******* **** ********

*** ****** **** ***.

* *** ***** *

Discussion	Posts	Latest
Caption This Video (2) Started by Jason Spielfogel	2	1 minute by Undisclosed Manufacturer #1
Recommendation For IP Camera In Walk-In Freezer (3) Started by Shaun Bannon	3	1 minute by Undisclosed #1
Who's Using Intel Openvino For Video Surveillance Analytics? (3) Started by John Honovich	3	less than a minute by John Honovich
New iPad Vs Monitor For In-Wall Viewing? (4) Started by Ty Mullen	4	2 minutes by Ty Mullen
Seeking Recommendations For ALPR System For Upscale Neighborhood? (17) Started by Mark Davis	17	less than a minute by Jay Hobdy

Discussion

Posts

Latest

Caption This Video (2)

Started by Jason Spielfogel

1 minute by Undisclosed Manufacturer #1

Recommendation For IP Camera In Walk-In Freezer (3)

Started by Shaun Bannon

1 minute by Undisclosed #1

Who's Using Intel Openvino For Video Surveillance Analytics? (3)

Started by John Honovich

less than a minute by John Honovich