IP Cameras Default Passwords Directory

Author: Ethan Ace, Published on Feb 09, 2018

Below is a directory of 50+ manufacturer's default passwords.

Note: Change Default Passwords

Leaving default passwords is dangerous and makes it easy for even inexperienced attackers to take control, brick or watch your video feed. Worse, since many cameras are made available over the Internet (often because of another risky practice, port forwarding or because the manufacturer defaulted UPnP on), the cameras may be attacked from anywhere in the world.

Manufacturer List Default Passwords

While IPVM strongly recommends using complex passwords, users may still need to know defaults when cameras are first configured or factory defaulted, and finding these credentials can be aggravating, with many manufacturers burying them in PDF manuals or not documenting them at all.

For each manufacturer, we list the username first and pasword section in the following format: username/password. Where manufacturers have multiple defaults, or differences in newer/older firmwares, we have noted it:

  • ACTi: admin/123456 or Admin/123456
  • Amcrest: admin/admin
  • American Dynamics: admin/admin or admin/9999
  • Arecont Vision: none
  • AvertX: admin/1234
  • Avigilon: Previously admin/admin, changed to Administrator/<blank> in later firmware versions
  • Axis: Traditionally root/pass, new Axis cameras require password creation during first login (note that root/pass may be used for ONVIF access, but logging into the camera requires root password creation)
  • Basler: admin/admin
  • Bosch: None required, but new firmwares (6.0+) prompt users to create passwords on first login
  • Brickcom: admin/admin
  • Canon: root/camera
  • Cisco: No default password, requires creation during first login
  • Dahua: Requires password creation on first login. Previously this process was recommended but could be canceled; older models default to admin/admin
  • Digital Watchdog: admin/admin
  • DRS: admin/1234
  • DVTel: Admin/1234
  • DynaColor: Admin/1234
  • FLIR: admin/fliradmin
  • FLIR (Dahua OEM): admin/admin
  • FLIR (Quasar/Ariel): admin/admin
  • Foscam: admin/<blank>
  • GeoVision: admin/admin
  • Grandstream: admin/admin
  • Hanwha: admin/no default password, must be created during initial setup
  • Hikvision: Firmware 5.3.0 and up requires unique password creation; previously admin/12345
  • Honeywell: admin/1234
  • IndigoVision (Ultra): none
  • IndigoVision (BX/GX): Admin/1234
  • Intellio: admin/admin
  • Interlogix admin/1234
  • IQinVision: root/system
  • IPX-DDK: root/admin or root/Admin
  • JVC: admin/jvc
  • Longse: admin/12345
  • Lorex: admin/admin
  • LTS: Requires unique password creation; previously admin/12345
  • March Networks: admin/<blank>
  • Mobotix: admin/meinsm
  • Northern: Firmware 5.3.0 and up requires unique password creation; previously admin/12345
  • Oncam: admin/admin
  • Panasonic: Firmware 2.40 and up requires username/password creation; previously admin/12345
  • Pelco: New firmwares require unique password creation; previously admin/admin
  • Pixord: admin/admin
  • Q-See: admin/admin or admin/123456
  • Reolink: admin/<blank>
  • Samsung Electronics: root/root or admin/4321
  • Samsung Techwin (old): admin/1111111
  • Samsung (new): Previously admin/4321, but new firmwares require unique password creation
  • Sanyo: admin/admin
  • Scallop: admin/password
  • Sentry360 (mini): admin/1234
  • Sentry360 (pro): none
  • Sony: admin/admin
  • Speco: admin/1234
  • Stardot: admin/admin
  • Starvedia: admin/<blank>
  • Sunell: admin/admin
  • SV3C: admin/123456
  • Swann: admin/12345
  • Trendnet: admin/admin
  • Toshiba: root/ikwd
  • VideoIQ: supervisor/supervisor
  • Vivotek: root/<blank>
  • Ubiquiti: ubnt/ubnt
  • Uniview: admin/123456
  • W-Box (Hikvision OEM, old): admin/wbox123
  • W-Box (Sunell OEM, new): admin/admin
  • Wodsee: admin/<blank>

If we have missed a manufacturer or made errors, please comment (or email info@ipvm.com) and we will add/fix it.

Missing? May Be An OEM

Dahua and Hikvision have 100+ relabelers/OEMs and many of them may simply use the same password requirements as their base manufacturer. If your chosen manufacturer is not listed, check our Hikvision OEM Directory and Dahua OEM Directory to see if they may be relabeled.

Strong Password Measures Increasing

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

Several manufacturers, including Hanwha, Hikvision, and Panasonic, now require unique passwords by default, with most requiring a mix of upper and lowercase letters, numbers, and special characters, seen below.

Others do not require unique passwords, but prompt users to set strong passwords when logging into the camera. For example, Bosch displays the message when logging into cameras using firmware 6.20 and above. Dahua includes a similar prompt.

Readers should see our IP Camera Passwords Report for more information on these manufacturers and methods.

Using Default Passwords

The use of default passwords in production systems is considered poor practice. At the very least, all surveillance network devices, including cameras, clients, and servers, should be changed from the defaults with strong passwords, documented in a secure location. This prevents access to the network using simple password guessing, requiring a more skilled attacker and more complex methods.

However, there are many who still claim default passwords are fine, especially if the surveillance system is on a dedicated network, without access to other client systems. Doing so may also make it easier for techs to access cameras, but anyone with access to the network (authorized or not) may use the default password to access cameras.

Readers should see our Network Security for IP Video Surveillance Guide for more information on passwords and other security measures.

Real World Risk: Mirai Botnet Use of Default Passwords

Waves of unprecedented botnet attacks against major Internet sites have been driven by hacked video surveillance devices that make use of default passwords plus telnet access. This is a powerful example of why default passwords should not be used nor should they be allowed to be used after setup.

For more on this and other vulnerabilities, see our Directory of Video Surveillance Cybersecurity Vulnerabilities and Exploits.

[Note: This post was originally published in 2012 but was substantially revised and updated with new camera information and changes in default password approach for 2016 and 2018]

6 reports cite this report:

IPVM Vulnerability Scanner Released on Jun 18, 2018
IPVM is proud to announce video surveillance's first and only cybersecurity vulnerability scanner. This tool allows quickly and simply...
Arecont and Bosch - Default Security Risk on Dec 14, 2015
Default passwords are a major security risk, enabling hackers around the world to access and control devices like IP cameras (using Shodan, turning...
Axis Cybersecurity Hardening Guide Examined on Nov 19, 2015
In most IT areas, 'hardening' guides are commonplace, providing best practices for improving the cybersecurity of network products (e.g., see this...
IP Camera Trolling - Cybersecurity Showcase on Nov 09, 2015
If you want to convince your customers about the importance of cybersecurity and the risk of being the next Hikvision, Foscam or Trendnet, show...
New ONVIF Profile Q Aims To Change Discovery and Default Passwords on Jan 13, 2015
ONVIF is gearing up to release a new profile, called Q. They market it as providing "quick configuration and installation, providing innate...
IP Camera Passwords - Axis, Dahua, Samsung on Oct 15, 2014
IP cameras are famous / infamous for weak default passwords that can lead to major problems. See our IP Cameras Default Passwords Directory for...

Related Reports

Sony Gen 5 IP Cameras Critical Vulnerabilities on Jul 26, 2018
Cybersecurity vulnerabilities remain prevalent in video surveillance devices. Now Talos researchers have discovered multiple vulnerabilities in...
Directory of Video Surveillance Startups on Jul 18, 2018
This directory provides a list of video surveillance startups to help you see and research what companies are new or not yet broadly known entity...
July 2018 IP Networking Course on Jul 12, 2018
Registration is closed. This is the only networking course designed specifically for video surveillance professionals.  Lots of network training...
Hikvision Corrects False Cybersecurity Announcement on Jun 18, 2018
Hikvision has corrected a false cybersecurity announcement that claimed a British government-sponsored program endorsed the cybersecurity of...
The Dumb Ones: PSA's Bozeman On Cybersecurity on Jun 15, 2018
The smart ones are the hundred people who flew to Denver and spent $500+ on a 1.5-day conference featuring Dahua as a 'cyber responsible partner',...
Debating Relevance of China Hacking US Navy Plans on Jun 11, 2018
"Chinese government hackers have compromised the computers of a Navy contractor, stealing massive amounts of highly sensitive data related to...
Remove Dahua and Hikvision Gov Installs Required By US House Bill Ban on Jun 06, 2018
The final released US House Bill HR 5515 verifies that it not only prohibits the purchasing of Dahua and Hikvision products, it requires removing...
Dahua's Terrible Cybersecurity, Buys Credibility From PSA And SIA on Jun 04, 2018
Dahua has a terrible cybersecurity track record. But American organizations, like the Security Industry Association (SIA) and the PSA Security...
Canon Responds To IP Camera Hacks on May 30, 2018
Canon cameras made international news earlier this month, with reports of them being hacked in Japan (e.g., Hackers disable scores of Canon-made...
Corruption Alleged Against Hikvision Procurement In India on May 28, 2018
Over the past month, allegations of corruption and national security risk have made the news in India over the planned purchase of 150,000...

Most Recent Industry Reports

SimpliSafe Violating California, Florida, and Texas Licensing Laws on Aug 14, 2018
IPVM has verified that DIY security system provider SimpliSafe, founded in 2006 and acquired in June of 2018 at a billion dollar valuation, is...
Cut Milestone Licensing Costs 80% By Using Hikvision and Dahua NVRs (Tested) on Aug 13, 2018
Enterprise VMS licensing can be quite expensive, with $200 or more per channel common, meaning a 100 camera system can cost $20,000 in VMS...
Nortek Sues SDS, Battle Over Unpaid Bill and Cancelled Lines on Aug 13, 2018
Nortek and SDS legal battle continues. As IPVM reported, SDS sued Nortek alleging bribery and antitrust violation. However, Wave fired back at SDS,...
Uniview Intrusion Analytics and VMD Tested on Aug 13, 2018
IPVM's IP Camera Analytics Shootout featuring Avigilon, Axis, Bosch, Dahua, Hanwha, Hikvision created some ill will with a Uniview distributor who...
ADT Employees Protest ADT CEO on Aug 10, 2018
So many ADT employees were so upset with ADT's CEO speech reported on by IPVM, that ADT's CEO was forced to send a mass email to employees to...
Axis / Avigilon Legal Battle Rises on Aug 09, 2018
In what is shaping up to be high-powered, will-not-back-down battle, Axis and Avigilon are squaring off in multiple legal contests. In 2017, IPVM...
Camera Focusing Tutorial on Aug 09, 2018
A camera's focus is fundamental to quality imaging. Mistakes can cause important problems. In this guide, we explain focus issues and proper...
Dahua Ban Response: NOT Chinese Government Owned on Aug 08, 2018
Dahua has responded to the US Congress passing a US government ban on Dahua and Hikvision's products. While Dahua offered the now standard...
Bad Move: ADT Markets Rival Amazon on Aug 08, 2018
Amazon may be lining up ADT as its next victim but ADT is happy to promote Amazon. Amazon has made major moves recently, including acquiring...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact