IP Cameras Default Passwords Directory

By: Ethan Ace, Published on Feb 09, 2018

Below is a directory of 50+ manufacturer's default passwords.

Note: Change Default Passwords

Leaving default passwords is dangerous and makes it easy for even inexperienced attackers to take control, brick or watch your video feed. Worse, since many cameras are made available over the Internet (often because of another risky practice, port forwarding or because the manufacturer defaulted UPnP on), the cameras may be attacked from anywhere in the world.

Manufacturer List Default Passwords

While IPVM strongly recommends using complex passwords, users may still need to know defaults when cameras are first configured or factory defaulted, and finding these credentials can be aggravating, with many manufacturers burying them in PDF manuals or not documenting them at all.

For each manufacturer, we list the username first and pasword section in the following format: username/password. Where manufacturers have multiple defaults, or differences in newer/older firmwares, we have noted it:

  • ACTi: admin/123456 or Admin/123456
  • Amcrest: admin/admin
  • American Dynamics: admin/admin or admin/9999 
  • Arecont Vision: none
  • AvertX: admin/1234
  • Avigilon: Previously admin/admin, changed to Administrator/<blank> in later firmware versions
  • Axis: Traditionally root/pass, new Axis cameras require password creation during first login (note that root/pass may be used for ONVIF access, but logging into the camera requires root password creation)
  • Basler: admin/admin
  • Bosch: None required, but new firmwares (6.0+) prompt users to create passwords on first login
  • Brickcom: admin/admin
  • Canon: root/camera
  • Cisco: No default password, requires creation during first login
  • Dahua: Requires password creation on first login. Previously this process was recommended but could be canceled; older models default to admin/admin
  • Digital Watchdog: admin/admin
  • DRS: admin/1234
  • DVTel: Admin/1234
  • DynaColor: Admin/1234
  • FLIR: admin/fliradmin
  • FLIR (Dahua OEM): admin/admin
  • FLIR (Quasar/Ariel): admin/admin
  • Foscam: admin/<blank>
  • GeoVision: admin/admin
  • Grandstream: admin/admin
  • Hanwha: admin/no default password, must be created during initial setup
  • Hikvision: Firmware 5.3.0 and up requires unique password creation; previously admin/12345
  • Honeywell: admin/1234
  • IndigoVision (Ultra): none
  • IndigoVision (BX/GX): Admin/1234
  • Intellio: admin/admin
  • Interlogix admin/1234
  • IQinVision: root/system
  • IPX-DDK: root/admin or root/Admin
  • JVC: admin/jvc
  • Longse: admin/12345
  • Lorex: admin/admin
  • LTS: Requires unique password creation; previously admin/12345
  • March Networks: admin/<blank>
  • Mobotix: admin/meinsm
  • Northern: Firmware 5.3.0 and up requires unique password creation; previously admin/12345
  • Oncam: admin/admin
  • Panasonic: Firmware 2.40 and up requires username/password creation; previously admin/12345
  • Pelco: New firmwares require unique password creation; previously admin/admin
  • Pixord: admin/admin
  • Q-See: admin/admin or admin/123456
  • Reolink: admin/<blank>
  • Samsung Electronics: root/root or admin/4321
  • Samsung Techwin (old): admin/1111111
  • Samsung (new): Previously admin/4321, but new firmwares require unique password creation
  • Sanyo: admin/admin
  • Scallop: admin/password
  • Sentry360 (mini): admin/1234
  • Sentry360 (pro): none  
  • Sony: admin/admin
  • Speco: admin/1234
  • Stardot: admin/admin
  • Starvedia: admin/<blank>
  • Sunell: admin/admin
  • SV3C: admin/123456
  • Swann: admin/12345 
  • Trendnet: admin/admin
  • Toshiba: root/ikwd
  • VideoIQ: supervisor/supervisor
  • Vivotek: root/<blank>
  • Ubiquiti: ubnt/ubnt
  • Uniview: admin/123456
  • W-Box (Hikvision OEM, old): admin/wbox123
  • W-Box (Sunell OEM, new): admin/admin
  • Wodsee: admin/<blank>

If we have missed a manufacturer or made errors, please comment (or email info@ipvm.com) and we will add/fix it.

Missing? May Be An OEM

Dahua and Hikvision have 100+ relabelers/OEMs and many of them may simply use the same password requirements as their base manufacturer. If your chosen manufacturer is not listed, check our Hikvision OEM Directory and Dahua OEM Directory to see if they may be relabeled.

Strong Password Measures Increasing

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

Several manufacturers, including Hanwha, Hikvision, and Panasonic, now require unique passwords by default, with most requiring a mix of upper and lowercase letters, numbers, and special characters, seen below.

Others do not require unique passwords, but prompt users to set strong passwords when logging into the camera. For example, Bosch displays the message when logging into cameras using firmware 6.20 and above. Dahua includes a similar prompt.

Readers should see our IP Camera Passwords Report for more information on these manufacturers and methods. 

Using Default Passwords

The use of default passwords in production systems is considered poor practice. At the very least, all surveillance network devices, including cameras, clients, and servers, should be changed from the defaults with strong passwords, documented in a secure location. This prevents access to the network using simple password guessing, requiring a more skilled attacker and more complex methods.

However, there are many who still claim default passwords are fine, especially if the surveillance system is on a dedicated network, without access to other client systems. Doing so may also make it easier for techs to access cameras, but anyone with access to the network (authorized or not) may use the default password to access cameras.

Readers should see our Network Security for IP Video Surveillance Guide for more information on passwords and other security measures.

Real World Risk: Mirai Botnet Use of Default Passwords

Waves of unprecedented botnet attacks against major Internet sites have been driven by hacked video surveillance devices that make use of default passwords plus telnet access. This is a powerful example of why default passwords should not be used nor should they be allowed to be used after setup.

For more on this and other vulnerabilities, see our Directory of Video Surveillance Cybersecurity Vulnerabilities and Exploits.

[Note: This post was originally published in 2012 but was substantially revised and updated with new camera information and changes in default password approach for 2016 and 2018]

8 reports cite this report:

Locking Down Network Connections Guide on Apr 23, 2019
Accidents and inside attacks are risks when network connections are not locked down. Security and video surveillance systems should be protected...
Default Passwords Outlawed in California, US To Follow on Oct 09, 2018
A new California bill aimed at improving security for connected devices has been signed into law. The law takes aim especially at passwords on...
IPVM Vulnerability Scanner Released / Deprecated on Jun 18, 2018
IPVM is proud to announce video surveillance's first and only cybersecurity vulnerability scanner. This tool allows quickly and simply...
Arecont and Bosch - Default Security Risk on Dec 14, 2015
Default passwords are a major security risk, enabling hackers around the world to access and control devices like IP cameras (using Shodan, turning...
Axis Cybersecurity Hardening Guide Examined on Nov 19, 2015
In most IT areas, 'hardening' guides are commonplace, providing best practices for improving the cybersecurity of network products (e.g., see this...
IP Camera Trolling - Cybersecurity Showcase on Nov 09, 2015
If you want to convince your customers about the importance of cybersecurity and the risk of being the next Hikvision, Foscam or Trendnet, show...
ONVIF Profile Q Aims To Change Discovery and Default Passwords on Jan 13, 2015
ONVIF is gearing up to release a new profile, called Q. They market it as providing "quick configuration and installation, providing innate...
IP Camera Passwords - Axis, Dahua, Samsung on Oct 15, 2014
IP cameras are famous / infamous for weak default passwords that can lead to major problems. See our IP Cameras Default Passwords Directory for...

Related Reports

China DVR/NVR Backdoor Discovered, Huawei Refutes on Feb 07, 2020
A backdoor was found in Chinese-produced DVRs and NVRs that secretly allowed access to the recorders. While it was first attributed to Huawei...
Dahua New Critical Vulnerability 2019 on Sep 23, 2019
Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored...
Uniview OEM Directory on Sep 11, 2019
This directory lists 20+ companies that OEM products from Uniview, with a graphic and links to company websites below. It does not cover all...
ONVIF Exposure To "Devastating DDoS Attacks" Examined on Sep 06, 2019
ZDnet reported "Protocol used by 630,000 devices can be abused for devastating DDoS attacks", citing exposure of ONVIF devices. And after an...
Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More on Aug 26, 2019
Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered...
Dahua OEM Directory on Aug 16, 2019
US Government banned Dahua OEMs for dozens of companies. The following directory includes 40+ of those companies with a graphic and links to...
Dahua Wiretapping Vulnerability on Aug 02, 2019
IPVM has validated, with testing, and from Dahua, that many Dahua cameras have a wiretapping vulnerability. Even if the camera's audio has been...
Vivotek Trend Micro Cyber Security Camera App Tested on Jul 22, 2019
Vivotek and Trend Micro are claiming five million blocked attacks on IP cameras, with their jointly developed app for Vivotek cameras. This new...
LifeSafety Power NetLink Vulnerabilities And Problematic Response on May 20, 2019
'Power supplies' are not devices that many think about when considering vulnerabilities but as more and more devices go 'online', the risks for...
Subnetting for Video Surveillance on Apr 30, 2019
This guide explains when subnetting is used on security networks, and how it works. We explain how to add or remove IP addresses to your range,...

Most Recent Industry Reports

EyePark Presents Mobile Driver Authentication on Jun 05, 2020
EyePark presented its long-range QR code parking verification platform at the May 2020 IPVM Startups show. A 30-minute video from EyePark...
Bleenco "Under The Tongue" Temperature Detection Examined on Jun 05, 2020
"Say aah", says Bleenco, a PPE detection video analytics company, offering a different method for measuring body temperature with a thermal...
Hikvision and Uniview Entry Level Thermal Handheld Cameras Tested on Jun 05, 2020
While most screening systems cost $10,000 or more, manufacturers such as Hikvision and Uniview have now released handheld models for $1,000 or...
Sequr Presents HID based Cloud Access Control on Jun 04, 2020
Sequr presented HID based Cloud Access Control at the May 2020 IPVM Startups show. Inside this report: A 30-minute video from Sequr...
VergeSense Presents People Tracking Sensor on Jun 04, 2020
VergeSense presented its people tracking sensor and social distancing insights at the May 2020 IPVM Startups show. A 30-minute video from...
FLIR A Series Temperature Screening Cameras Tested on Jun 04, 2020
FLIR is one of the biggest names in thermal and one of the most conservative. While rivals have marketed fever detection, FLIR has stuck to EST...
"Fever Camera" Show On-Demand Watch Now on Jun 03, 2020
IPVM has successfully completed the world's first "Fever Camera" show. Recordings from Both days are posted at the end of this report for on-demand...
Cobalt Robotics Presents Indoor Security and Access Robots on Jun 03, 2020
Cobalt Robotics presented indoor security robots at the May 2020 IPVM Startups show. Inside this report: A 30-minute video from Cobalt...
Dahua Sues Ex-North American President, Says Legal Typo on Jun 03, 2020
Dahua's former North American President Frank Zhang claims he is owed almost $11 million but Dahua counter claims it is just a "scrivener's error",...
Smart Entry Systems Presents Cloud Multi-Tenant Access Control on Jun 02, 2020
Smart Entry Systems presented Cloud Multi-Tenant Access Control at the May 2020 IPVM Startups show. Inside this report: A 30-minute video...