IP Cameras Default Passwords DirectoryAuthor: Ethan Ace, Published on May 27, 2016
Finding an IP camera's default password can be tedious or aggravating. And keeping up with changes in newer firmwares can be difficult, especially for occasional users.
With that in mind, we have gathered this list of IP camera manufacturers and their default usernames and passwords to help users get started more quickly. After the list, we discuss recent changes by manufacturers as well as password security issues.
[Don't miss downloading our free IP video surveillance book.]
For each manufacturer, we list the username first and pasword section in the following format: username/password. Where manufacturers have multiple defaults, or differences in newer/older firmwares, we have noted it:
- ACTi: admin/123456 or Admin/123456
- American Dynamics: admin/admin or admin/9999
- Arecont Vision: none
- Avigilon: Previously admin/admin, changed to Administrator/<blank> in later firmware versions
- Axis: Traditionally root/pass, new Axis cameras require password creation during first login (though root/pass may be used for ONVIF access)
- Basler: admin/admin
- Bosch: None required, but new firmwares (6.0+) prompt users to create passwords on first login
- Brickcom: admin/admin
- Canon: root/camera
- Cisco: No default password, requires creation during first login
- Dahua: admin/admin
- Digital Watchdog: admin/admin
- DRS: admin/1234
- DVTel: Admin/1234
- DynaColor: Admin/1234
- FLIR: admin/fliradmin
- FLIR (Dahua OEM): admin/admin
- Foscam: admin/<blank>
- GeoVision: admin/admin
- Grandstream: admin/admin
- Hikvision: Previously admin/12345, but firmware 5.3.0 and up requires unique password creation
- Honeywell: admin/1234
- Intellio: admin/admin
- IQinVision: root/system
- IPX-DDK: root/admin or root/Admin
- JVC: admin/jvc
- March Networks: admin/<blank>
- Mobotix: admin/meinsm
- Northern: Previously admin/12345, but firmware 5.3.0 and up requires unique password creation
- Panasonic: Previously admin/12345, but firmware 2.40 requires username/password creation
- Pelco Sarix: admin/admin
- Pixord: admin/admin
- Reolink: admin/<blank>
- Samsung Electronics: root/root or admin/4321
- Samsung Techwin (old): admin/1111111
- Samsung (new): Previously admin/4321, but new firmwares require unique password creation
- Sanyo: admin/admin
- Scallop: admin/password
- Sentry360 (mini): admin/1234
- Sentry360 (pro): none
- Sony: admin/admin
- Speco: admin/1234
- Stardot: admin/admin
- Starvedia: admin/<blank>
- Trendnet: admin/admin
- Toshiba: root/ikwd
- VideoIQ: supervisor/supervisor
- Vivotek: root/<blank>
- Ubiquiti: ubnt/ubnt
- Uniview: admin/123456
- W-Box: admin/wbox123
- Wodsee: admin/<blank>
If we have missed something or made errors, please comment (or email firstname.lastname@example.org) and we will add/fix it.
Trend Toward Strong Passwords
Several manufacturers, including Hikvision, Samsung, and Panasonic, have begun to require unique passwords by default, with most requiring a mix of upper and lowercase letters, numbers, and special characters.
Others do not require unique passwords, but prompt users to set strong passwords when logging into the camera. For example, Bosch displays this message when logging into cameras using firmware 6.20 and above:
Readers should see our IP Camera Passwords Report for more information on these manufacturers and methods.
Using Default Passwords
The use of default passwords in production systems is considered poor practice. At the very least, all surveillance network devices, including cameras, clients, and servers, should be changed from the defaults with strong passwords, documented in a secure location. This prevents access to the network using simple password guessing, requiring a more skilled attacker and more complex methods.
However, there are many who still claim default passwords are fine, especially if the surveillance system is on a dedicated network, without access to other client systems. Doing so may also make it easier for techs to access cameras, but anyone with access to the network (authorized or not) may use the default password to access cameras.
Readers should see our Network Security for IP Video Surveillance Guide 2016 for more information on passwords and other security measures.
October 2016: Mirai Botnet Use of Default Passwords
Waves of unprecedented botnet attacks against major Internet sites have been driven by hacked video surveillance devices that make use of default passwords plus telnet access. This is a power signal of why default passwords should not be used nor should they be allowed to be used after setup.
[Note: This post was originally published in 2012 but was substantially revised and updated with new camera information and changes in default password approach for 2016.]
5 reports cite this report:
Most Recent Industry Reports
The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.