Hikvision Cameras Defaulting? [Upnp Facilitating Hacks]

Undisclosed Integrator #1

Hi, We seem to have certain sites of ours with Hikvision cameras just resetting to factory defaults? Has anyone seen this themselves?

So far three sites this week? It’s only just started to happen. We upgraded the f/w and reset the admin password,reset the IP to what is required, but they drift back to factory default? VMS is Milestone

[IPVM Note: After this discussion and suggestions provided, integrator followed up:

Hi, Issue found - firmware level is lower than required to prevent these hacks as suggested. Also uPNP was on so they were in effect available on the internet.. We tested and proved remote access to the camera with no human entered port forwards

All locked down now.

]

Login to read this IPVM discussion.

Why do I need to log in?

IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Undisclosed Integrator #2

10/17/17 09:24pm

**** ******** *** *** ******** **?

Undisclosed Integrator #1

In reply to Undisclosed Integrator #2 | 10/17/17 09:33pm

* ***’* **** *** ***** ******* * *** **** **** out, **** * ***** ** *** **** ** **** ** it “*** *** ******* *** *** *** *******” :)

Undisclosed Integrator #2

In reply to Undisclosed Integrator #1 | 10/17/17 09:54pm

******** **** ** *** ** ***** **.*.* *** ***** *** port ********** ***** *** *** ****** ** **** ****** ***** hacked *** *** ** ****** *******.

Undisclosed Distributor #5

In reply to Undisclosed Integrator #2 | 10/18/17 02:28pm

**** *** ******* ** ** **** * ****, ****** ***** my **** *****. ******* ** *** ** ***** ** **** fw *******

Undisclosed Integrator #2

In reply to Undisclosed Distributor #5 | 10/18/17 02:52pm

*** ****** ***:

** ******* *** ****** ****** *** ** ******* *** ******/*****. It *** **** ******** ** *** ***** ******* ** **** his ****.
**** * **** ** *******. ** *** ** ******* ** FW **** **** **.*.* *** **** **** **** ********** ***** for *** ****** ** ** ********** ** *** **** ****** exploit. ***** *** * ***** *** ********.

Jonathan de Chateau

In reply to Undisclosed Integrator #2 | 10/18/17 02:57pm

******* ******* *** ** * *** *** ***** *** *** coming ****, ***** *****

Undisclosed #3

10/17/17 09:32pm

*** *** ******* ********** **** ********?

Undisclosed Integrator #1

In reply to Undisclosed #3 | 10/17/17 09:43pm

****** * ******, ********* ******.

Undisclosed #3

In reply to Undisclosed Integrator #1 | 10/17/17 09:54pm

*** *** ******* ******** ********** *** ** *** ******** ** all ** *** **** ****?

** ** ****** ********* *****'* **** ******** ** ** **** it *** **** *** ******* ********** *** ****, * *** wondering ** ******* **** ** ***** **** ** ****. *** there **** ******** ** ***** ** ****** *** ******* ****** the ******? ***** ** *** ******** ******* ** **** ** recent ****** ** **** ************* ******* *** *** ****** ***** that **** ******* ***** ********.

Undisclosed #4

In reply to Undisclosed Integrator #1 | 10/18/17 12:24am

** **** ****** ******* ** ******** ******?

Undisclosed Integrator #1

In reply to Undisclosed Integrator #1 | 10/18/17 07:41am

******** **** *** ** ********. * ****** ** *** ******* have **** *******?

Undisclosed #3

In reply to Undisclosed Integrator #1 | 10/18/17 07:49am

** ****'** ************ ******* *** ****** *** **, ******* **** from *** ****** **********. *'* *** **** ** **** **** with **** *******, *** **'* **** ********.

John Scanlan

IPVM | IPVMU Certified | In reply to Undisclosed #3 | 10/18/17 02:12pm

** ******* ** ***** **** *** ******* ***. ********/***** **** ****** *** ******* ** *******, ***** *** ***** models *** ***.

Undisclosed Distributor #5

10/18/17 12:22pm

**** ***** *** *** ***** **** ***?

** ** ** *** **-**********-* *****, ** **** *** ***** where *** **-**** *** ****** *** *** *** *** **** upside ****. **** ****** *** ****** ** **** ** *** reset ****** *** ******* **** *** *** **********

Undisclosed Manufacturer #6

In reply to Undisclosed Distributor #5 | 10/18/17 01:22pm

** **#*,

* **** ******* *** ** *** ***** *** *** *** is ************, *** *** *** *** ** **** ****** **** without ******** ** **** *** *****? **** *** ****** ** the *** ****'* ******* ** *** ****** ****** ** **** sides.

**** *** ****** *** * ******* ** *** **-****. ** upside ****, ******'* *** ******* ** *** ** *** ***** button *** *** ******* **?

** ***** ** **-**********-*.

Undisclosed Distributor #5

In reply to Undisclosed Manufacturer #6 | 10/18/17 01:45pm

*** ****'* *** ***! *** *** *** **** ** **-******* in *** ***, *** *** ****** ** *** *** *** be *** **** *** ***** ***. *** ** *** *** a *******, **** **

Undisclosed Distributor #5

In reply to Undisclosed Manufacturer #6 | 10/18/17 01:48pm

* **** **** ********* **. *** ***** **** *** **** be ******* ** *** ***, *** ****** *** ** **-******* the ***** ***

Undisclosed Manufacturer #6

In reply to Undisclosed Distributor #5 | 10/18/17 01:56pm

** **** ***** * *** ** ***** ***. *** ** try ** ** ****** ** *** ** * *** ********* this *****.

Undisclosed Manufacturer #6

In reply to Undisclosed Distributor #5 | 10/18/17 02:39pm

**** *** ***** ** **********.

******* * **** ** *** ******* ** **** ****** ***** they ******* *** ****** ** **** *** *** "******" ** the ****** *** ** *******, **** ***** *** ******* ** the ****** ** ********* ** **-**** *** ***** ******. **** are ******* ** * **** ******* ** *** *** ******* and **** *** ** *******. ********, *** ******** ** *** lit ** ****** ** *** **** **** *** ***.

** ********** **, *** ******* **** ***** *** ******* ***** design. * ***'* ***** *** *** ***** ********* **** *****.

Undisclosed Distributor #5

In reply to Undisclosed Manufacturer #6 | 10/18/17 02:56pm

** ******** ******** * ******** ** *** ****** ** *****, also * ******** *****, *** ***** *** *** ***** *** rectified. **** ** ******!

Undisclosed Integrator #7

10/18/17 03:05pm

* *****'* *** ********* ******* ** ******* *** * ******** to **** * ***** ***** **** * ********* ******* ********* to ** ***** ***. ******** * ****** **** *** **** through *** *** ** *** ********* ****** ** ***** ***** away. **** ** ** ******* ***** ***** *** ******* *** recording ** *** *** *** **** ****** ** ***** ** a ******* ***** * ******* ***** ** *** * **** time *** **** ******* ** *** ****** ******.

Undisclosed Integrator #1

10/18/17 04:58pm

**, ******* ****** ***** *** *** ******..

Undisclosed Integrator #1

10/18/17 05:41pm

**, ***** ***** - ******** ***** ** ***** **** ******** to ******* ***** ***** ** *********. **** **** *** ** so **** **** ** ****** ********* ** *** ********.. ** tested *** ****** ****** ****** ** *** ****** **** ** human ******* **** ********

*** ****** **** ***.

* *** ***** *

Discussion	Posts	Latest
P-Iris Lenses For PTZ Cameras (2) Started by Samuel Kumar	2	less than a minute by Undisclosed #1
Deaf Apple Sales Person - Problem / Not A Problem? (23) Started by Undisclosed #1	23	12 minutes by Undisclosed #3
Off Topic: Does Your Office Limit You To 4 Beers A Day? (37) Started by John Honovich	37	about 4 hours by Undisclosed Manufacturer #11
~90 Cameras In Live View, DW Or Milestone? (2) Started by Undisclosed Integrator #1	2	less than a minute by Undisclosed #2
The Big Criticism I Have Is That Site Needs To Cater More To End Users (3) Started by Paresh Desai	3	about 4 hours by Jay Hobdy

Discussion

Posts

Latest

P-Iris Lenses For PTZ Cameras (2)

Started by Samuel Kumar

less than a minute by Undisclosed #1

Deaf Apple Sales Person - Problem / Not A Problem? (23)

Started by Undisclosed #1

12 minutes by Undisclosed #3

Off Topic: Does Your Office Limit You To 4 Beers A Day? (37)

Started by John Honovich

about 4 hours by Undisclosed Manufacturer #11