IP Camera Passwords - Axis, Dahua, Samsung

Author: Ethan Ace, Published on Oct 15, 2014

IP cameras are famous / infamous for weak default passwords that can lead to major problems. See our IP Cameras Default Passwords Directory for examples.

However, in the last few years that is starting to change.

In this note, we look at password procedures for Axis, Dahua and Samsung, explaining why and which are strong, moderate or weak.

** ******* *** ****** / ******** *** **** ******* ********* that *** **** ** ***** ********. *** *** ** ******* ******* ********* ********* *** ********.

*******, ** *** **** *** ***** **** ** ******** ** change.

** **** ****, ** **** ** ******** ********** *** ****,******** *******, ********** *** *** ***** *** ******, ******** ** weak.

[***************]

Strong: *******

** ***** **** ****** ******** *******, ******* *** **** *** things ** ******* ******** ********:

  • *****, ***** **** ****** * ******** **** *** ****** ** first ****** ** ******** ** ** ******* *********. ***** ** no ******* ********.
  • ******, *** ***** ******** **** ** ** ***** * ********** and ****** *** ******* *****, ** **** ** *** ***** below. ***** ***** ** *** ***** *******'* ******* ******* ******** ("4321") ** ** ****.

********* **** ***** *** **** ***** ***** ******* *** **** the ***** ******** ********* ** ********, *** **** ** *** more ****** **** ****** ********** ** "****."

Moderate: ****

**** ******* *** ***** *** **** ** ****** * ******** upon ***** *****. *******, "****" ** ***** ********, *** ***** functions ** * ******* ********, **** ***** **** ** ******* to *** ****** ****** *** ******** ******** ***** ** ********. This ***** ** **** ****** **** **** ***** ****** ***** "pass" ******* *******, *** ** *** ****** ** *****.

Bosch: ********

******** ** *.** ********, ***** ******* ***** ** *** * password, **** **** ***** ********* **** ********** ** *** ******'* web *********. **** **** ** ******** ** *** ** ******* and **** ** ********, ****** ******* ** *********, ***** ***** users ** *** ***.

******** ** ***** ***** ** *** ******** ***** ****, **** a ***** ******* ******** "********." **** **** *** ******** ** this ******* *** * ********** **** *** ******** ********* *** lowercase *******, *******, *** * ******* *********, *** *** ***** only ******** ** "******." ****** ********* ******* ** ********** *** a *** ** ***** *****.

****:***** (*** *********)

************ ******* ** *****/*****, **** ******** ** ******, *** ************* not ** *** ******** ***** ** *******. ** ******** ********, Dahua ******* (*** ****) ******** *** ******** ***** ***** *** be *******, *****  ****** (**** ***** ******) *** ****** (**** ****). *******, ** newer ******** (**/** ****), ***** ******** ** ****** *****, **** admin *** **** ******* ** *******.

***** **** *** **** ***** ** ****** *** ******** ****** the ***** *****, *** ******** ******** ******** ***************, **** *****. However, ********* *** **** ******* ******* *** ********, ** ******* characters, ******* ***** ** ******** ****** ** ****** * ****** password.

************, ***** ******* **** ** ****** ** ****** ***** ** ******** failed ***** ******** *** ****, **** *****. **** ** ******** in ** *******, **** **** *** ****** ** ******** ********. This ** ***** ******** **** ******** ******* ******** ******, ******** intruders ** *** **** *** ******* *********.


******

*** **** ******** ** ************* ***** *** ******* ********* ******* forcing ***** ** ****** **** ** *****, *** **** **** we **** **** ******* ******* ***** ** ******* ****. *** **** common *********** ******* *****/*****.

***** *** **** * *** ******** ** ************ *** *********** in ******** ******** **'** **** ** *** ****** *****. *******, feel **** ** *** ****** ** *** ******** *****.

****

**** ** ***** ******** ***** ******* ******* ********* *********, ****** **% ** ***** **** **** ** ***** ********* *** default ********* ** * ********** **********:

**** **** ** ****, **** ** *** ***** ************* ****** do (** ********) ** **** ** ****** ********* **** ******?

Comments (19)

**************'* * *** * *********, ***** ******* *** ********** ********** lucky ** *******. **'* * ***** ********....

*'** ** **** ** *** *** ****** *** ***'* **** crowd **** ****.

**** ** ** ******** ****, * ***** *** ***** ** Dahua: **** ** ***** *** ************ ** ******* ******** ** login ** *** ** **** ***** **** *** ***** ********:

****'* ********** ****** *** ***** ********* ********* (******** ***'** ******* the ********* **** *******, *** ********* ** *** **** ****), and *** * ****** ******* ** *******.

* ** *** ***** **** *******'* ******* ***** *** *********. I ********** *** ******* ** ******** * ********* ** **** pass **** *** ****** ** ****** * *******, **** ** remember ********** ******** *** ****** ** ******** ** * *******.

* ***** **** **** *** ***** ***** ** ****, ******* users ** ****** * ******** *** ******* *** *** **** own ******* ***** ** **********. ******* ** *** ***** ****** card ******* ** ***** ********* **** ***** **** ** *********. The ***** ***** **** *** ****** ** **** * ****** would ****** **** ****** ********.

*** ****** *** **** ****** ** ****** **** ************ *****, so *** ***** * ****** **** ** **** *** ** and **** ** *** **** **** ?

*** ***** ** ********** ****** ** ** **** **** *** value ** **** *** *** **********.

* ** ***** ** *** ******** **** **** ************ ******* which **** ******* ********* *** * ***** **** *** ******* should ******* * *** ******** **** ******* ***** ** ******* the ******. *** ******* **** ********* ********* * ***** ** difficulty ***** ** *** ********* ** *** ******** ** ******* hacking **** ********. ** *** ***, *** ** ***** ***** a ****** *** ** *** ****** ** ***** **** * simple ******** ** **** ****** ** * ***** ****** ? If *** **** **** ***** ** ** ******** ** **** high ***** ** ********** **** *** ****** ** **** ** implement ** *** ** ****** *** ** ********.

* **** **** ******* ******* *** ***** *** ******** * real **** ***** *** ** ***** ******* **** ********* *******.

** *** **** ****, ******, **** ** ** **** * manufacturer's ***********: ***** *** ***** *** ***** ********* ** *********** ** ******* ** *** ********, *** ******* ********** **** *** ****** **** ****.

** ***** ** **** * ***** ****** **** ** ********* user **** **** *** ** ***** ** * ******* **** and ***** ** **** ** *** ******** (*** ****'* * realistic ********), *****'* **** * ****** ******* **** **** ** and **** **. *** ******* **** ***** ****** *** ** a ** ********* *** * ***** ** *********. ******* ***** to ****** * ******** *** *** ***** * ******* *** can ****** ***** *** **** ******** ** ***** ******, ** most ***'* ** ******* *** ******* ** ******* **. ****'** just *** ********* *** **** **** ****, **** ** ** the **** ******.

**** ** ******* ********** ******* *********, *** ** ****** * complex ***** ******** *********** * *** *****? *** ***** ** users **** ** ****** *** ****** *** **** ********? ** seems **** ** **** ** **'* **********, ** ****** *** be * *******.

*** **** ******* ******'* ********* *** *** "***********!"

** **** *****'* ********, ****, ******** *** ********** *** ******** one *** ********* *** ** **** ********, ***** ** ***** not *** ****.

******* ****** ** ****** ***** *** ******** ** * ****** is ****. ***** *** *** *** **** '****' ******* ** the ******** ******* ****** ******'* ****** ** ****** *** ********.

* **** ******** * ******* ** ** *** ****** ******* they ******'* ** ******** ** ****** *** ******* ********.

*******, ******* ** **** ** ******** ******** ***'* ** ****************, ** **** *********. * ******* **** ***** **** ******** who **** *** *** **** ******** ****** **** **** **** all ***** ********/******* ***. *** ** ****** ** *** ***** of **********!

****,********** ****

****** *** * **-********* ***** ***** ********* *************************.

* *** **** ************ **** ******** ****** ****** **** **** virtually ****** **** ******** ********* ***** ***** *****.

*'* ***** ** ** *** ** * **** *** ******* that ******** ********* ******** ******* ***** ******** ** * ***** deal **** *** ****** ******** **** ********* ******* *** *********** contortions ****** ************ ********** ******** *******.

* ******* ******** ** ***** *** *********** ***** ** ** standardize ** **** ******* **** ** **** ****** ******** ************.

**** ** ***** ***** ********* **** ******** ****** ***** *** available ** ******* *** ***** ** ******* ******* ********. ****, data ****** ************ *** ******** ************ *************, ******** **** ******** within *** ***** ** ****** ******* **** **** **** ***'* care ** ***** **** **** ******.

*** ****, * **** **** ************ ***** **** ** ****** room ** **** * ********* *** ****** ********. sentence ***** ** * ****** ********)

********* *** **************** ******** **** ****** **** ********* ** * *********** ****** could **** ** * ********** ** *** *******. **** ************ cameras *** *** ******** **** * ********'* **** ********. * agree; *** ***** ** ********** ****** ** ** **** **** the ***** ** **** *** *** **********.

** * ******** *** ******* ****, **** ******* ******** ***** the ****** ** ********** ******* ** * ********. ** ***** in ********* **** **********, ****** ********* *** ** **** ****** ********** ***** ***** being ******. ******* ***** ***** *** ****** **** ******* ** data *** ******* ******* ** ******** ********** **** *********; ***** anyone ******* ******* ******** ********** *** ******** ****** ************?

*'* *** **** ***** ***** *** *********, *** ***** ** known *** ****** * ******** ******** ** *** *** *** a ****** ******** * ******* **** ****** ** *******. * was **** ** ***** ***** ****:***** *** ****** *** ****** as **** *** *** **** ******* * ****.

* ******* **** *** ****** ****** ***** ** ******* ** be ******** ******** *** **** ******* * *** ** ****** through * ****** ******* **** *** ******. **** ****** **** be ** * **** ******** **** *** **** ** *** network. ** ***** ** **** ** *** ******** ******* **** also *******.

** * ******** ****, *** ****** ***** ******* ******** ******* one ** ****** *** ********* *** *****. ** ***** ********/******, this *** *** ******** *** *** ******** ** *** ******* could ****** *** ***** ***** *****.

**

****** **** * ******** ******* ** *** ***** ** ******** Cameras (** ********** ** *** *****/**** ***). **** *** *** dealing **** *** ******* *** ** *** ** ***** *** 200 ********* ******* ********* *** ***** ****? *** *** **** finda *** ** ****** ***** *** *********... *** **** ********.

* ******* **** ******** ***** ****** **** *** ******* ******. That ** *** ** **** ***** ** ********** *** **** seems ** ** *** *** *** ** **** **** *** Device ********** / ****** ******** *********** ************.

*, * ***** * *** ********** ** **** **** -*** ** *** ****** ******** ********** ** *** *******?

******: ***** *** **** ***** (*** *****'* ***** ****) ** change ******** ** ***** *****, *** ***** ******** ******** ***************.

****'** **** ******* *** ****** *** ****** ******** ******** **** cameras.

**'** ********* **** ** ******** *******, *** ***'* **** * new *** ** ***** ****. **'** ****** ** ** **.

****** *** *** ******. * *****'* **** **** ** *** IP ******* *** * **** **** *** ******** ******* ** the *** ****. ** ***** ** ** ****** *** ******** and * ******* * ***** **** * ******** ****** **** 6 **********. *** * *** * ******** **** ***** *****, but * ******* **** ***** * **** *** **** ** not ** **** ** ** *** ** ******* ***** ***** it **** ****** ** *** *********.

**** *** ****** ** *** ***** ******** ***** ** *******? I **** **** * ***** ****** *** ********* ** *** cameras, *** **** ****** *** ***** ******* ** ********** ***** settings ******* * ******** ** ***** ***** *****.

* ****'* ***** *** ***** ********. *'** ***** ** *** tomorrow. * ** ****** ****** * ******** *** ***** ************** I ***'* ****** ***** *****, *** * ****'* *** ** out.

***, * ******* **** *** **** ** ***** *** *****. I *******, *** **** ** *****. **** *** ***** * changed *** ********* ** *** ****** *** ** ****'* ****** the ***** ********. ** *** ***** *****/***** **** ************** ****** on (** ******** ****** ***). * ***** ** ****** *** password **** ***** *******, *** **** ****'* **** ***** ** why *'* ****** ***** ******** ********* **** *****.

**** ** ** ****** ** ***** *** ***** ********. ** the ****** ***** ******** (*** **** *** ***** **** ** other ********) *** *** ******* ** ****** *** ***** ********. However, ***** ************** **** ** ** *** *** ***'* ****** the ******** **** *** *** *******. *** **** ****** *** Onvif ***** ******** ***** ***** ****** *******.

** ******** ** ****, ****** *** ***** ******* **** ***** firmware **** *** ** ********* ** *** ******** *******. *** the **** ** ******* *** **** ****/*****. *** ******* ***** the ****/***** **** ** ******* *** **** **** ** *** of *****. ***** *** ******** ******, ** ***** ****** *** 8's *** *'* ******** *** **** ***** ** ***** ****** Manager *** ****** *** *** *********. ** **** *****/***** ***** backdoor.

** **** *****/***** ***** ********.

**** ****, ****!

*** *. **** *** * ****. ;)

******: ** ***** * ******* ** *****, *** ******** ******** no ******** ** *******. ** *** *********, **** ****** *** user ** ****** * ********, *** ***'* ******* * ****** one.

**** **** ****** ** *** *** ****** ** *******, ***** used ** ** **, *** **** ** ******** ********, ******.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Free VMS Software Directory on Jan 13, 2017
Many Video Management Software (VMS) providers offer free versions, either open source, for a limited number of cameras or for a limited amount of...
Suffering Criticism, Hikvision Keeps Insecure Online Service Up [Now Down] on Jan 03, 2017
Hikvision suffered severe criticisms for its abrupt plan to discontinue its Hikvision Online service, with 3 core functions to be removed on Dec...
Hikvision Discontinuing Online Service on Dec 12, 2016
Hikvision has declared it will discontinue its Hikvision online service, just days after IPVM's Hikvision Cloud Security Vulnerability...
Sony IP Camera Backdoor Uncovered on Dec 06, 2016
A backdoor has been uncovered in ~80 Sony IP camera models, attackers can remotely enable telnet on the camera, and then potentially login as root,...
XiongMai Master Password List Emailed By Chinese Spammer on Dec 05, 2016
XiongMai created an international uproar as their devices drove massive botnet attacks of major Internet sites. After pledging to recall cameras...
Hikvision Cloud Security Vulnerability Uncovered on Dec 05, 2016
A security researcher uncovered a critical vulnerability in Hikvision's global cloud servers. This vulnerability allowed an attacker to remotely...
Directory of Video Surveillance Cybersecurity Vulnerabilities and Exploits on Nov 16, 2016
This list compiles reported exploits for security products, and is updated regularly. We have summarized exploits by date and by manufacturer,...
Hikvision 'Phone Home' Raises Security Fears on Nov 10, 2016
The escalating attention towards Hikvision's China government ownership and Genetec's removal of Hikvision due to cyber security concerns has...
Genetec Expels Hikvision on Nov 08, 2016
Genetec has removed support for Hikvision devices, deeming them 'untrustworthy', citing customer concerns about Chinese government ownership /...
Now Knocking A Country Offline - The Video Surveillance Driven Botnet Wreaks Havok on Nov 03, 2016
The video surveillance driven botnet is now attacking an entire country. The Mirai malware that took advantage of poor security in Xiongmai, Dahua...

Most Recent Industry Reports

2Gig Expands Into Commercial Intrusion With Vario on Jan 23, 2017
2GIG, an alarm product manufacturer best known for their wireless products, has introduced a new line of wired panels aimed at the commercial...
Integrator Service Vehicle Guide on Jan 23, 2017
Few assets are as commonly used by integrators and installers as their service vehicles. 125 integrators explained to IPVM in detail about their...
Goodbye Samsung, Hello Wisenet X on Jan 23, 2017
Samsung is gone but Hanwha is back. Their latest generation Wisenet X, touts a slew of new high end features including H.265, WiseStream II,...
Vivotek Favorability Results on Jan 20, 2017
Financially, Vivotek is doing relatively well. The company did ~$130 million in 2015 revenue and 2016 revenue (through Q3 reported) was up more...
PR Firm Pleads Don't Scrap PR Spending on Jan 20, 2017
PR is not dying, warns pleads PR firm. Take 40+ year old industry PR firm LRG, who recently lamented the 'misconceptions' that: Traditional PR...
Getting Started With Your IPVM Membership on Jan 20, 2017
Here's how to get started and get the most out of your IPVM membership. Books for Members All members can download the 3 member-only books below...
Jim Cramer Sucks Up To Knightscope on Jan 19, 2017
Credit must be given to Knightscope. They are raising money right now and despite their $80 million pre-money valuation against a lowly sub $1...
ADT Launches Canopy - Professional Monitoring For DIY Devices on Jan 19, 2017
The intrusion industry has criticized DIY security systems for years, claiming systems like Canary or Scout cannot match professionally installed...
Dahua UnFavorability Results on Jan 19, 2017
Dahua, the mega-Chinese surveillance manufacturer not primarily owned by the Chinese government has been trying to break out of the shadow of...
Paxton Hosted Access - Disruptive Low Dealer Pricing on Jan 19, 2017
Paxton is entering the hosted access game, with BLU, at a cost that is a fraction of key competitors. The different approach could be very...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact