IP Cameras Default Passwords Directory

Author: Ethan Ace, Published on May 28, 2016

Finding an IP camera's default password can be tedious or aggravating. And keeping up with changes in newer firmwares can be difficult, especially for occasional users. 

With that in mind, we have gathered this list of IP camera manufacturers and their default usernames and passwords to help users get started more quickly. After the list, we discuss recent changes by manufacturers as well as password security issues.

[Don't miss downloading our free IP video surveillance book.]

Manufacturer List

For each manufacturer, we list the username first and pasword section in the following format: username/password. Where manufacturers have multiple defaults, or differences in newer/older firmwares, we have noted it:

  • ACTi: admin/123456 or Admin/123456
  • American Dynamics: admin/admin or admin/9999 
  • Arecont Vision: none
  • Avigilon: Previously admin/admin, changed to Administrator/<blank> in later firmware versions
  • Axis: Traditionally root/pass, new Axis cameras require password creation during first login (though root/pass may be used for ONVIF access)
  • Basler: admin/admin
  • Bosch: None required, but new firmwares (6.0+) prompt users to create passwords on first login
  • Brickcom: admin/admin
  • Canon: root/camera
  • Cisco: No default password, requires creation during first login
  • Dahua: admin/admin
  • Digital Watchdog: admin/admin
  • DRS: admin/1234
  • DVTel: Admin/1234
  • DynaColor: Admin/1234
  • FLIR: admin/fliradmin
  • FLIR (Dahua OEM): admin/admin
  • Foscam: admin/<blank>
  • GeoVision: admin/admin
  • Grandstream: admin/admin
  • Hikvision: Previously admin/12345, but firmware 5.3.0 and up requires unique password creation
  • Honeywell: admin/1234
  • Intellio: admin/admin
  • IQinVision: root/system
  • IPX-DDK: root/admin or root/Admin
  • JVC: admin/jvc
  • March Networks: admin/<blank>
  • Mobotix: admin/meinsm
  • Northern: Previously admin/12345, but firmware 5.3.0 and up requires unique password creation
  • Panasonic: Previously admin/12345, but firmware 2.40 requires username/password creation
  • Pelco Sarix: admin/admin
  • Pixord: admin/admin
  • Samsung Electronics: root/root or admin/4321
  • Samsung Techwin (old): admin/1111111
  • Samsung (new): Previously admin/4321, but new firmwares require unique password creation
  • Sanyo: admin/admin
  • Scallop: admin/password
  • Sentry360 (mini): admin/1234
  • Sentry360 (pro): none  
  • Sony: admin/admin
  • Speco: admin/1234
  • Stardot: admin/admin
  • Starvedia: admin/<blank>
  • Trendnet: admin/admin
  • Toshiba: root/ikwd
  • VideoIQ: supervisor/supervisor
  • Vivotek: root/<blank>
  • Ubiquiti: ubnt/ubnt
  • Uniview: admin/123456
  • W-Box: admin/wbox123
  • Wodsee: admin/<blank>

If we have missed something or made errors, please comment (or email info@ipvm.com) and we will add/fix it.

Trend Toward Strong Passwords

Several manufacturers, including Hikvision, Samsung, and Panasonic, have begun to require unique passwords by default, with most requiring a mix of upper and lowercase letters, numbers, and special characters.

Others do not require unique passwords, but prompt users to set strong passwords when logging into the camera. For example, Bosch displays this message when logging into cameras using firmware 6.20 and above:

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

Readers should see our IP Camera Passwords Report for more information on these manufacturers and methods.

Using Default Passwords

The use of default passwords in production systems is considered poor practice. At the very least, all surveillance network devices, including cameras, clients, and servers, should be changed from the defaults with strong passwords, documented in a secure location. This prevents access to the network using simple password guessing, requiring a more skilled attacker and more complex methods.

However, there are many who still claim default passwords are fine, especially if the surveillance system is on a dedicated network, without access to other client systems. Doing so may also make it easier for techs to access cameras, but anyone with access to the network (authorized or not) may use the default password to access cameras.

Readers should see our Network Security for IP Video Surveillance Guide 2016 for more information on passwords and other security measures.

October 2016: Mirai Botnet Use of Default Passwords

Waves of unprecedented botnet attacks against major Internet sites have been driven by hacked video surveillance devices that make use of default passwords plus telnet access. This is a power signal of why default passwords should not be used nor should they be allowed to be used after setup.

[Note: This post was originally published in 2012 but was substantially revised and updated with new camera information and changes in default password approach for 2016.]

 

5 reports cite this report:

Arecont and Bosch - Default Security Risk on Dec 14, 2015
Default passwords are a major security risk, enabling hackers around the world to access and control devices like IP cameras (using Shodan, turning...
Axis Cybersecurity Hardening Guide Examined on Nov 19, 2015
In most IT areas, 'hardening' guides are commonplace, providing best practices for improving the cybersecurity of network products (e.g., see this...
IP Camera Trolling - Cybersecurity Showcase on Nov 09, 2015
If you want to convince your customers about the importance of cybersecurity and the risk of being the next Hikvision, Foscam or Trendnet, show...
New ONVIF Profile Q Aims To Change Discovery and Default Passwords on Jan 13, 2015
ONVIF is gearing up to release a new profile, called Q. They market it as providing "quick configuration and installation, providing innate...
IP Camera Passwords - Axis, Dahua, Samsung on Oct 15, 2014
IP cameras are famous / infamous for weak default passwords that can lead to major problems. See our IP Cameras Default Passwords Directory for...

Related Reports

Last Day Save $50 - IP Networking Course on Mar 30, 2017
Last Day to Save $50 on the May IP Networking Course. This is the only networking course designed specifically for video surveillance...
Dahua Manager: Lots of Backdoors Beyond Dahua or Hikvision on Mar 29, 2017
A Dahua technical manager has fired back at criticisms of Dahua's backdoor, posting publicly what many at Dahua have privately been saying for the...
Uniview Weak Local / Strong Remote Password Policy Tested on Mar 14, 2017
With the continuing onslaught of cyber-security breaches (see Dahua backdoor recently discovered, Hikvision defaulted devices getting hacked)...
Genetec Comments on Washington DC MPD Hack on Mar 13, 2017
This January, the Washington DC police video surveillance system was hacked with ransomware, impacting 123 of 187 cameras. Last month, IPVM...
Hikvision New Security Vulnerability on Mar 12, 2017
Hikvision has disclosed a new security vulnerability that affects 200+ of their IP cameras over the past few years. In this note, we examine the...
FLIR Responds to Dahua Backdoor on Mar 10, 2017
FLIR is the first Dahua OEM partner to issue a statement following Dahua's backdoor disclosure: Certain FLIR and Lorex branded products that...
Hikvision Firmware Decrypted on Mar 09, 2017
A developer has decrypted Hikvision's firmware, allowing examination of Hikvision's device source code and contents. In this report, we overview...
Dahua Backdoor Uncovered on Mar 06, 2017
A major cyber security vulnerability across many Dahua products has been discovered by an independent researcher, reported on IPVM, verified by...
Who Is Hacking Hikvision Devices? on Mar 06, 2017
Someone or organization is mass hacking Hikvision devices, actively and systematically running a script / program across the Internet that looks...
Directory of DIY Alarm Systems on Mar 03, 2017
The fastest growing segment of the alarm market is Do It Yourself (DIY) systems. This directory covers DIY products for central station, push...

Most Recent Industry Reports

Last Day Save $50 - IP Networking Course on Mar 30, 2017
Last Day to Save $50 on the May IP Networking Course. This is the only networking course designed specifically for video surveillance...
Dahua Manager: Lots of Backdoors Beyond Dahua or Hikvision on Mar 29, 2017
A Dahua technical manager has fired back at criticisms of Dahua's backdoor, posting publicly what many at Dahua have privately been saying for the...
$10,000 Free VMS Licenses For New Dealers IPConfigure on Mar 29, 2017
Another gimmick or a real deal? The company that brought 'Unlimited' Enterprise VMS License for Just $32,000 and a cannon to ISC West are back with...
Genetec and Axis Power Comcast's SmartOffice on Mar 29, 2017
Comcast has more than 20 million subscribers and $80 billion in revenue. Now Comcast is partnering with Genetec and Axis to deliver a...
IP Cameras Lose Buy America Protection on Mar 28, 2017
IP Cameras have lost the US government's 'Buy America' protection as the Security Industry Association (SIA) successfully lobbied the government to...
2Gig Intrusion Megatest (GC2 & GC3 Panels Tested) on Mar 28, 2017
2Gig is one of the most widely used intrusion systems, with two product lines that are the main offering of many alarm companies, huge national...
Anixter Favorability Results on Mar 28, 2017
Anixter's direct sales and integrator anger about it has been in the news recently: Anixter / Bosch Sells Direct to Amazon Anixter Touts...
Chinese Government Spies on Churches With Video Surveillance on Mar 27, 2017
The Chinese government is using video surveillance to spy on churches in China, reports UCANews, explaining: The [Chinese government]...
Hanwha Wisenet X Tested on Mar 27, 2017
Hanwha has released their latest generation, the Wisenet X series, powered by their new Wisenet 5 processor. This new series claims improvements...
Burglar Alarm Sirens Guide on Mar 27, 2017
Sirens are used to alert users to an alarm condition. In this note, we examine how to choose, locate, and install alarm sirens, including Siren...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact