"Helpful" ********
* ***** ********, **********, ******* **. ****** than ***** *** ****** as *** ** *** business (*** ******* ******), they ******** * "***** Password ****" *** ** (XiongMai) ********:

*** ********* ***** ** a ****** **** *********** ****, ***** *** *** pre-computed ****** ******** *** each *** ** ****.

Super ******** ***** ***** ****
*** "***** ********" ******** local ****** ** *** device **** ****, ********* to **********. *** *********, the ******** *** ** entered ******** *** *** standard **, *** *** cameras ** ********** ******* utility ** ******** ** send *** ********/***** ********. In ****** ****, *** end ****** ** * device **** *** ***** password *******, ******** *** a *** ***** ******** to ** ***.
But ***** *** *** ******
***** ********* *** **** for *** ****** ****** and **** *** ****** on ******* *** ****** specific *********** **** ****** number ** *** *******.
Compared ** ********* ****** *********
********* ******** ********* * ****** password ** **** ****** to * ****** **** a ********* ***** ********, however *** ********* *** also **** ** **** the ****** ****** ** the ******. ** ********* the ****** ****** ** part ** *** *********** there ** ** ****** list ** "****** *********" for *********, ******** *** chances ** **** ********. Hikvision *** **** ***** a ****-***** ******** *****, ******** ***** ** enter ******** ********* **** can ****** ** *******/***** a ********* ********.
Vulnerability ********
***** **** ****** **** being **** ** ******** reset *** ***** ********, this ************* ***** ***** up * *********** ************* ** users. ** ******** *** gains ****** ** *** LAN *** ** ******** PC, ****** ******* ******, or ***** ****** ********* to *** ** * reverse ***** *** ****** access ***** ******* ***** passwords ** *** ***** access ** ******* ** recorders, ******* ** *** potential *** ********** ********, or **** ********* ***** in ********* *********.
Sign ** *** ******?
** **** ** *********** that **** ******** ***** to ******* ***** ***********, instead ** *** ******, in ***** *****. **** could ** * **** that **** ***-****** ******* resellers *** ******* ** difficult ** *** *** more *********** ** *******, and *** **** ** resort ** ***** ******* to ******* *** ********.
Comments (9)
Undisclosed #1
For DVR's work locally means the LAN, not the just the console?
Create New Topic
Blake Murphy
So many dots connected with this article.
I await future "promotional" emails
Create New Topic
Undisclosed Integrator #2
They'll soon promote Analog HD as being more secure than IP. only 1 password to worrry about!!!!
Create New Topic
Undisclosed Manufacturer #3
Interesting looking through the passwords... There are a lot of repeated sequences throughout the year at the end of the code. I think their code is pretty weak.
Create New Topic
Paul Curran
I got the same email. Really odd. Questions..
1). Why would you have this backdoor in 2016?
2). Why would you email it when XiongMai are clearly up for a fight.
Create New Topic
Undisclosed Distributor #4
Nothing new ,Hikvision's secure code generator based on serial number and date has been on the web for many years! I don't consider it an issue as you need to be on site in order to clear the password.
Just look at your broadband routers, they have a factory reset button , a one-touch wifi connection, one password for all and remote access. I haven't seen much negative publicity on that subject and there are more routers than CCTV system around the world.
Xionmai used to use telnet ( local ) but decided on one password per day just like Dahua did. Dahua has now revised the " one password " facility. Hikvision also used to have Telnet.
Create New Topic