IP Cameras Default Passwords Directory

By: Ethan Ace, Published on Feb 09, 2018

Below is a directory of 50+ manufacturer's default passwords.

Note: Change Default Passwords

Leaving default passwords is dangerous and makes it easy for even inexperienced attackers to take control, brick or watch your video feed. Worse, since many cameras are made available over the Internet (often because of another risky practice, port forwarding or because the manufacturer defaulted UPnP on), the cameras may be attacked from anywhere in the world.

Manufacturer List Default Passwords

While IPVM strongly recommends using complex passwords, users may still need to know defaults when cameras are first configured or factory defaulted, and finding these credentials can be aggravating, with many manufacturers burying them in PDF manuals or not documenting them at all.

For each manufacturer, we list the username first and pasword section in the following format: username/password. Where manufacturers have multiple defaults, or differences in newer/older firmwares, we have noted it:

  • ACTi: admin/123456 or Admin/123456
  • Amcrest: admin/admin
  • American Dynamics: admin/admin or admin/9999 
  • Arecont Vision: none
  • AvertX: admin/1234
  • Avigilon: Previously admin/admin, changed to Administrator/<blank> in later firmware versions
  • Axis: Traditionally root/pass, new Axis cameras require password creation during first login (note that root/pass may be used for ONVIF access, but logging into the camera requires root password creation)
  • Basler: admin/admin
  • Bosch: None required, but new firmwares (6.0+) prompt users to create passwords on first login
  • Brickcom: admin/admin
  • Canon: root/camera
  • Cisco: No default password, requires creation during first login
  • Dahua: Requires password creation on first login. Previously this process was recommended but could be canceled; older models default to admin/admin
  • Digital Watchdog: admin/admin
  • DRS: admin/1234
  • DVTel: Admin/1234
  • DynaColor: Admin/1234
  • FLIR: admin/fliradmin
  • FLIR (Dahua OEM): admin/admin
  • FLIR (Quasar/Ariel): admin/admin
  • Foscam: admin/<blank>
  • GeoVision: admin/admin
  • Grandstream: admin/admin
  • Hanwha: admin/no default password, must be created during initial setup
  • Hikvision: Firmware 5.3.0 and up requires unique password creation; previously admin/12345
  • Honeywell: admin/1234
  • IndigoVision (Ultra): none
  • IndigoVision (BX/GX): Admin/1234
  • Intellio: admin/admin
  • Interlogix admin/1234
  • IQinVision: root/system
  • IPX-DDK: root/admin or root/Admin
  • JVC: admin/jvc
  • Longse: admin/12345
  • Lorex: admin/admin
  • LTS: Requires unique password creation; previously admin/12345
  • March Networks: admin/<blank>
  • Mobotix: admin/meinsm
  • Northern: Firmware 5.3.0 and up requires unique password creation; previously admin/12345
  • Oncam: admin/admin
  • Panasonic: Firmware 2.40 and up requires username/password creation; previously admin/12345
  • Pelco: New firmwares require unique password creation; previously admin/admin
  • Pixord: admin/admin
  • Q-See: admin/admin or admin/123456
  • Reolink: admin/<blank>
  • Samsung Electronics: root/root or admin/4321
  • Samsung Techwin (old): admin/1111111
  • Samsung (new): Previously admin/4321, but new firmwares require unique password creation
  • Sanyo: admin/admin
  • Scallop: admin/password
  • Sentry360 (mini): admin/1234
  • Sentry360 (pro): none  
  • Sony: admin/admin
  • Speco: admin/1234
  • Stardot: admin/admin
  • Starvedia: admin/<blank>
  • Sunell: admin/admin
  • SV3C: admin/123456
  • Swann: admin/12345 
  • Trendnet: admin/admin
  • Toshiba: root/ikwd
  • VideoIQ: supervisor/supervisor
  • Vivotek: root/<blank>
  • Ubiquiti: ubnt/ubnt
  • Uniview: admin/123456
  • W-Box (Hikvision OEM, old): admin/wbox123
  • W-Box (Sunell OEM, new): admin/admin
  • Wodsee: admin/<blank>

If we have missed a manufacturer or made errors, please comment (or email info@ipvm.com) and we will add/fix it.

Missing? May Be An OEM

Dahua and Hikvision have 100+ relabelers/OEMs and many of them may simply use the same password requirements as their base manufacturer. If your chosen manufacturer is not listed, check our Hikvision OEM Directory and Dahua OEM Directory to see if they may be relabeled.

Strong Password Measures Increasing

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

Several manufacturers, including Hanwha, Hikvision, and Panasonic, now require unique passwords by default, with most requiring a mix of upper and lowercase letters, numbers, and special characters, seen below.

Others do not require unique passwords, but prompt users to set strong passwords when logging into the camera. For example, Bosch displays the message when logging into cameras using firmware 6.20 and above. Dahua includes a similar prompt.

Readers should see our IP Camera Passwords Report for more information on these manufacturers and methods. 

Using Default Passwords

The use of default passwords in production systems is considered poor practice. At the very least, all surveillance network devices, including cameras, clients, and servers, should be changed from the defaults with strong passwords, documented in a secure location. This prevents access to the network using simple password guessing, requiring a more skilled attacker and more complex methods.

However, there are many who still claim default passwords are fine, especially if the surveillance system is on a dedicated network, without access to other client systems. Doing so may also make it easier for techs to access cameras, but anyone with access to the network (authorized or not) may use the default password to access cameras.

Readers should see our Network Security for IP Video Surveillance Guide for more information on passwords and other security measures.

Real World Risk: Mirai Botnet Use of Default Passwords

Waves of unprecedented botnet attacks against major Internet sites have been driven by hacked video surveillance devices that make use of default passwords plus telnet access. This is a powerful example of why default passwords should not be used nor should they be allowed to be used after setup.

For more on this and other vulnerabilities, see our Directory of Video Surveillance Cybersecurity Vulnerabilities and Exploits.

[Note: This post was originally published in 2012 but was substantially revised and updated with new camera information and changes in default password approach for 2016 and 2018]

8 reports cite this report:

Locking Down Network Connections Guide on Apr 23, 2019
Accidents and inside attacks are risks when network connections are not locked down. Security and video surveillance systems should be protected...
Default Passwords Outlawed in California, US To Follow on Oct 09, 2018
A new California bill aimed at improving security for connected devices has been signed into law. The law takes aim especially at passwords on...
IPVM Vulnerability Scanner Released / Deprecated on Jun 18, 2018
IPVM is proud to announce video surveillance's first and only cybersecurity vulnerability scanner. This tool allows quickly and simply...
Arecont and Bosch - Default Security Risk on Dec 14, 2015
Default passwords are a major security risk, enabling hackers around the world to access and control devices like IP cameras (using Shodan, turning...
Axis Cybersecurity Hardening Guide Examined on Nov 19, 2015
In most IT areas, 'hardening' guides are commonplace, providing best practices for improving the cybersecurity of network products (e.g., see this...
IP Camera Trolling - Cybersecurity Showcase on Nov 09, 2015
If you want to convince your customers about the importance of cybersecurity and the risk of being the next Hikvision, Foscam or Trendnet, show...
ONVIF Profile Q Aims To Change Discovery and Default Passwords on Jan 13, 2015
ONVIF is gearing up to release a new profile, called Q. They market it as providing "quick configuration and installation, providing innate...
IP Camera Passwords - Axis, Dahua, Samsung on Oct 15, 2014
IP cameras are famous / infamous for weak default passwords that can lead to major problems. See our IP Cameras Default Passwords Directory for...

Related Reports

Hikvision Global News Reports Directory on Dec 02, 2019
Hikvision has received the most global news reporting of any video surveillance company, ever, ranging from the WSJ, the Financial Times, Reuters,...
Directory of Access Reader Manufacturers on Nov 27, 2019
Credential Readers are one of the most visible and noticeable parts of access systems, but installers often stick with only the brand they always...
US Issues Criminal Charges For Fraudulently Selling Hikvision And Other China Products on Nov 07, 2019
The US government has made an unprecedented move on the video surveillance supply chain, charging a US company, Aventura for "having conspired with...
100+ Companies Profile Directory on Nov 06, 2019
While IPVM covers the largest companies in the industry regularly (like Axis, Dahua, Hikvision, etc.), IPVM strives to do a profile post on each...
Last Chance - Register Now - October 2019 IP Networking Course on Oct 10, 2019
Last Chance - Register Now - Fall 2019 IP Networking Course. The course starts next week. This is the only networking course designed...
Directory of 70 Video Surveillance Startups on Sep 18, 2019
This directory provides a list of video surveillance startups to help you see and research what companies are new or not yet broadly known. 2019...
US Army Base To Buy Banned Honeywell Surveillance on Sep 17, 2019
The U.S. Army's Fort Gordon, home to their Cyber Center of Excellence, has issued a solicitation to purchase Honeywell products that are US...
Uniview OEM Directory on Sep 11, 2019
This directory lists 20+ companies that OEM products from Uniview, with a graphic and links to company websites below. It does not cover all...
Genetec Stratocast VSaaS Tested on Sep 05, 2019
The VSaaS market is rapidly expanding in 2019, with Verkada, Meraki, Eagle Eye, Avigilon and numerous startups growing their market share. When we...
Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More on Aug 26, 2019
Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered...

Most Recent Industry Reports

Disruptor Wyze Releases Undisruptive Smartlock on Dec 06, 2019
While Wyze has disrupted the consumer IP camera market with ~$20 cameras, its entrance into smart locks is entirely undisruptive. We have...
Bosch Budget 3000i Cameras Tested on Dec 05, 2019
Bosch has long had a hole in its lineup for, as it describes, "competitively-priced cameras". Now, Bosch has released its 3000i series cameras...
Anixter Resisting Takeover From Competitor on Dec 05, 2019
Mega distributor Anixter is going to be acquired but by whom? Initially, Anixter planned to go private, being bought by a private equity firm....
Security Sales Course 2020 - Last Chance Save $50 on Dec 05, 2019
This sales course is customized for the current needs and challenges specific to professionals selling video surveillance and access control...
Ireland National Children's Hospital Chooses Hikvision End-to-End With Facial Recognition on Dec 05, 2019
The world's most expensive hospital project ever, the New Children's Hospital in Ireland, has chosen an all-Hikvision surveillance system including...
AVTech ~$70 IP Cameras Tested Vs Dahua and Hikvision on Dec 04, 2019
Taiwanese manufacturer Avtech is taking direct aim at low cost leaders Dahua and Hikvision with ~$70 starlight and white light illuminator...
Ultinous European Analytics Startup Company Profile on Dec 04, 2019
European analytics-startup Ultinous pitches customers to "Have your own video analysis service!" We spoke to Ultinous to better understand their...
Access Startup Multi-Mount Aims To Streamline Reader Installs on Dec 03, 2019
Startup Multi-Mount claims it makes installing access readers 'Fast', 'Secure,' and fit 'any size frame.' The company states its bracket 'fits most...
Resideo CEO To Step Down on Dec 03, 2019
Resideo's CEO, Mike Nefkins, is stepping down, just 18 months after being brought in to lead the now plagued spin-out. Inside this note, we...
Arcules CEO Retracts False GDPR Claim + Dahua and Milestone Claims Examined on Dec 03, 2019
Arcules CEO has retracted a false claim about his organization being a "fully compliant GDPR company" after IPVM reporting (Arcules CEO Threatens...