IP Cameras Default Passwords Directory

Author: Ethan Ace, Published on Feb 09, 2018

Below is a directory of 50+ manufacturer's default passwords.

Note: Change Default Passwords

Leaving default passwords is dangerous and makes it easy for even inexperienced attackers to take control, brick or watch your video feed. Worse, since many cameras are made available over the Internet (often because of another risky practice, port forwarding or because the manufacturer defaulted UPnP on), the cameras may be attacked from anywhere in the world.

Manufacturer List Default Passwords

While IPVM strongly recommends using complex passwords, users may still need to know defaults when cameras are first configured or factory defaulted, and finding these credentials can be aggravating, with many manufacturers burying them in PDF manuals or not documenting them at all.

For each manufacturer, we list the username first and pasword section in the following format: username/password. Where manufacturers have multiple defaults, or differences in newer/older firmwares, we have noted it:

  • ACTi: admin/123456 or Admin/123456
  • Amcrest: admin/admin
  • American Dynamics: admin/admin or admin/9999
  • Arecont Vision: none
  • AvertX: admin/1234
  • Avigilon: Previously admin/admin, changed to Administrator/<blank> in later firmware versions
  • Axis: Traditionally root/pass, new Axis cameras require password creation during first login (note that root/pass may be used for ONVIF access, but logging into the camera requires root password creation)
  • Basler: admin/admin
  • Bosch: None required, but new firmwares (6.0+) prompt users to create passwords on first login
  • Brickcom: admin/admin
  • Canon: root/camera
  • Cisco: No default password, requires creation during first login
  • Dahua: Requires password creation on first login. Previously this process was recommended but could be canceled; older models default to admin/admin
  • Digital Watchdog: admin/admin
  • DRS: admin/1234
  • DVTel: Admin/1234
  • DynaColor: Admin/1234
  • FLIR: admin/fliradmin
  • FLIR (Dahua OEM): admin/admin
  • FLIR (Quasar/Ariel): admin/admin
  • Foscam: admin/<blank>
  • GeoVision: admin/admin
  • Grandstream: admin/admin
  • Hanwha: admin/no default password, must be created during initial setup
  • Hikvision: Firmware 5.3.0 and up requires unique password creation; previously admin/12345
  • Honeywell: admin/1234
  • IndigoVision (Ultra): none
  • IndigoVision (BX/GX): Admin/1234
  • Intellio: admin/admin
  • Interlogix admin/1234
  • IQinVision: root/system
  • IPX-DDK: root/admin or root/Admin
  • JVC: admin/jvc
  • Longse: admin/12345
  • Lorex: admin/admin
  • LTS: Requires unique password creation; previously admin/12345
  • March Networks: admin/<blank>
  • Mobotix: admin/meinsm
  • Northern: Firmware 5.3.0 and up requires unique password creation; previously admin/12345
  • Oncam: admin/admin
  • Panasonic: Firmware 2.40 and up requires username/password creation; previously admin/12345
  • Pelco: New firmwares require unique password creation; previously admin/admin
  • Pixord: admin/admin
  • Q-See: admin/admin or admin/123456
  • Reolink: admin/<blank>
  • Samsung Electronics: root/root or admin/4321
  • Samsung Techwin (old): admin/1111111
  • Samsung (new): Previously admin/4321, but new firmwares require unique password creation
  • Sanyo: admin/admin
  • Scallop: admin/password
  • Sentry360 (mini): admin/1234
  • Sentry360 (pro): none
  • Sony: admin/admin
  • Speco: admin/1234
  • Stardot: admin/admin
  • Starvedia: admin/<blank>
  • Sunell: admin/admin
  • SV3C: admin/123456
  • Swann: admin/12345
  • Trendnet: admin/admin
  • Toshiba: root/ikwd
  • VideoIQ: supervisor/supervisor
  • Vivotek: root/<blank>
  • Ubiquiti: ubnt/ubnt
  • Uniview: admin/123456
  • W-Box (Hikvision OEM, old): admin/wbox123
  • W-Box (Sunell OEM, new): admin/admin
  • Wodsee: admin/<blank>

If we have missed a manufacturer or made errors, please comment (or email info@ipvm.com) and we will add/fix it.

Missing? May Be An OEM

Dahua and Hikvision have 100+ relabelers/OEMs and many of them may simply use the same password requirements as their base manufacturer. If your chosen manufacturer is not listed, check our Hikvision OEM Directory and Dahua OEM Directory to see if they may be relabeled.

Strong Password Measures Increasing

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

Several manufacturers, including Hanwha, Hikvision, and Panasonic, now require unique passwords by default, with most requiring a mix of upper and lowercase letters, numbers, and special characters, seen below.

Others do not require unique passwords, but prompt users to set strong passwords when logging into the camera. For example, Bosch displays the message when logging into cameras using firmware 6.20 and above. Dahua includes a similar prompt.

Readers should see our IP Camera Passwords Report for more information on these manufacturers and methods.

Using Default Passwords

The use of default passwords in production systems is considered poor practice. At the very least, all surveillance network devices, including cameras, clients, and servers, should be changed from the defaults with strong passwords, documented in a secure location. This prevents access to the network using simple password guessing, requiring a more skilled attacker and more complex methods.

However, there are many who still claim default passwords are fine, especially if the surveillance system is on a dedicated network, without access to other client systems. Doing so may also make it easier for techs to access cameras, but anyone with access to the network (authorized or not) may use the default password to access cameras.

Readers should see our Network Security for IP Video Surveillance Guide for more information on passwords and other security measures.

Real World Risk: Mirai Botnet Use of Default Passwords

Waves of unprecedented botnet attacks against major Internet sites have been driven by hacked video surveillance devices that make use of default passwords plus telnet access. This is a powerful example of why default passwords should not be used nor should they be allowed to be used after setup.

For more on this and other vulnerabilities, see our Directory of Video Surveillance Cybersecurity Vulnerabilities and Exploits.

[Note: This post was originally published in 2012 but was substantially revised and updated with new camera information and changes in default password approach for 2016 and 2018]

6 reports cite this report:

IPVM Vulnerability Scanner Released on Jun 18, 2018
IPVM is proud to announce video surveillance's first and only cybersecurity vulnerability scanner. This tool allows quickly and simply...
Arecont and Bosch - Default Security Risk on Dec 14, 2015
Default passwords are a major security risk, enabling hackers around the world to access and control devices like IP cameras (using Shodan, turning...
Axis Cybersecurity Hardening Guide Examined on Nov 19, 2015
In most IT areas, 'hardening' guides are commonplace, providing best practices for improving the cybersecurity of network products (e.g., see this...
IP Camera Trolling - Cybersecurity Showcase on Nov 09, 2015
If you want to convince your customers about the importance of cybersecurity and the risk of being the next Hikvision, Foscam or Trendnet, show...
New ONVIF Profile Q Aims To Change Discovery and Default Passwords on Jan 13, 2015
ONVIF is gearing up to release a new profile, called Q. They market it as providing "quick configuration and installation, providing innate...
IP Camera Passwords - Axis, Dahua, Samsung on Oct 15, 2014
IP cameras are famous / infamous for weak default passwords that can lead to major problems. See our IP Cameras Default Passwords Directory for...

Related Reports

Ban of Dahua and Hikvision Is Now US Gov Law on Aug 13, 2018
The US President has signed the 2019 NDAA into law, banning the use of Dahua and Hikvision (and their OEMs) for the US government, for US...
Sony Gen 5 IP Cameras Critical Vulnerabilities on Jul 26, 2018
Cybersecurity vulnerabilities remain prevalent in video surveillance devices. Now Talos researchers have discovered multiple vulnerabilities in...
Directory of Video Surveillance Startups on Jul 18, 2018
This directory provides a list of video surveillance startups to help you see and research what companies are new or not yet broadly known entity...
July 2018 IP Networking Course on Jul 12, 2018
Registration is closed. This is the only networking course designed specifically for video surveillance professionals.  Lots of network training...
Hikvision Corrects False Cybersecurity Announcement on Jun 18, 2018
Hikvision has corrected a false cybersecurity announcement that claimed a British government-sponsored program endorsed the cybersecurity of...
The Dumb Ones: PSA's Bozeman On Cybersecurity on Jun 15, 2018
The smart ones are the hundred people who flew to Denver and spent $500+ on a 1.5-day conference featuring (now US government banned) Dahua as a...
Debating Relevance of China Hacking US Navy Plans on Jun 11, 2018
"Chinese government hackers have compromised the computers of a Navy contractor, stealing massive amounts of highly sensitive data related to...
Remove Dahua and Hikvision Gov Installs Required By US House Bill Ban on Jun 06, 2018
The final released US House Bill HR 5515 verifies that it not only prohibits the purchasing of Dahua and Hikvision products, it requires removing...
Dahua's Terrible Cybersecurity, Buys Credibility From PSA And SIA on Jun 04, 2018
Dahua has a terrible cybersecurity track record. But American organizations, like the Security Industry Association (SIA) and the PSA Security...
Canon Responds To IP Camera Hacks on May 30, 2018
Canon cameras made international news earlier this month, with reports of them being hacked in Japan (e.g., Hackers disable scores of Canon-made...

Most Recent Industry Reports

Backup Power For Maglocks Guide on Aug 20, 2018
When the main power fails, many believe maglocks must leave doors unlocked. However, battery backed up maglocks are allowed according to IBC /...
Axis Strong Q2 2018 Results on Aug 20, 2018
Axis reported strong Q2 2018 financial results and, for the first time in many years, Axis grew faster than Hikvision. However, the company's...
2Gig Gun Lock / Motion Detector Tested on Aug 17, 2018
Safer guns for families and an opportunity for security dealers to sell more services? That is the aim of Nortek's 2GIG 'Gun Motion Detector'...
Video Analytics Integration Guide on Aug 16, 2018
Video analytics is hot again (at least conceptually) but integrating video analytics with VMSes can be challenging. This is especially significant...
Hikvision IP Camera Critical Vulnerability 2018 Disclosed on Aug 16, 2018
The same day that the US government passed a prohibition on Hikvision cameras, Hikvision disclosed a critical vulnerability for its IP...
ISS VMS / Video Analytics Company Profile on Aug 16, 2018
Who is ISS? In the past few months, they had one of the craziest ISC West promo items in years. Then, they hired industry veteran and ex-Dahua...
Chinese OEM Avycon Gets ADI Push on Aug 15, 2018
Who is Avycon? An American company? A Korean company? A couple of guys relabelling Chinese products? The latter is the best explanation. While...
Backboxes for Video Surveillance Tutorial on Aug 15, 2018
Backboxes are a necessity in surveillance, whether for managing cable whips, recessing cameras, adding wireless radios. But it can be confusing to...
Genetec Stratocast / Comcast 'Motion Insights' Examined on Aug 15, 2018
Comcast recently announced "SmartOffice Motion Insights", an extension to their Genetec OEMed cloud video service (covered by IPVM here). This...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact