Ran across this curious situation last week.
Background: The install is a college fraternity house we installed a camera system for a few years ago and have added additional cameras more recently. The NVR is an LTS (HIK) 32 Channel and the original cameras were LTS; most still had default passwords. The more recently added cameras were HIK brand with much stronger (13-character) passwords. The NVR is accessible on the Internet via port forwarding using non-standard ports (i.e., not 80, 8000, 554). Firmware upgrades have been done in the last six months. The NVR also has a strong 13-character password.
Customer called me and said one camera was out. Went on site and found that the camera was discoverable but not accessible. It was one of the newer ones with the 13-character password, and it was rejecting all attempts to log in. I emailed HIK for the reset, and upon resetting it I discovered the camera was set to Black and White, and displayed this:
I performed a factory default and it's back up and running, but I'm perplexed as to how this happened, and how to prevent it going forward.
The NVR sits in a locked closet and I'm quite confident a local frat prankster was not the culprit. The cameras are not directly accessible per se via the internet. This particular camera has as its IP address 192.168.1.24. Would that address expose it to some sort of routing vulnerability?