Accounts?

[Nick70068]

I noticed an account called "service" on my NCR5208-8p-4KS2? Is this a required account?

Are there any "required" accounts on the NVR other than admin and user accounts?

 

[steve1225]

No it is not...

I read a few similar reports in past about extra accounts on NVR...
Usually this means that NVR is hacked..

Best to do firmware upgrade to latest one:

Dahua Technology - World-leading Video-centric AIoT Solution and Service Provide

Dahua Technology

www.dahuasecurity.com

delete extra account, change password for admin and other accounts and also for all cameras..

 

[bigredfish]

Are you port forwarding in your router?

 

[Nick70068]

Are you port forwarding in your router?

No.

 

[wittaj]

Did you scan a QR code or using P2P?

 

[Nick70068]

Did you scan a QR code or using P2P?

Years ago when I first set the NVR up, but then it was disabled.

 

[wittaj]

So it is connected to the internet and you can view it when not home and get alerts (if you set it up that way)?

Sounds like maybe one of the backdoor vulnerabilities that the NVR folks say doesn't exist anymore....

Are you on the most recent firmware?

 

[Nick70068]

No I am not. After reading people bricking their routers including the NCR5208-8p-4KS2, I decided not to upgrade.

 

[bigredfish]

So it is connected to the internet and you can view it when not home and get alerts (if you set it up that way)?

Sounds like maybe one of the backdoor vulnerabilities that the NVR folks say doesn't exist anymore....

Are you on the most recent firmware?

Same as Windows dude
Do we really want to compare the number of Windows vulnerabilities to a Dahua NVR?

 

[bigredfish]

Years ago when I first set the NVR up, but then it was disabled.

If it’s indeed hacked it was likely exposed to the internet at some point.
Do what @steve1225 suggested

Is it possible you had someone login to help you setup or troubleshoot at some point?

 

[Nick70068]

If it’s indeed hacked it was likely exposed to the internet at some point.
Do what @steve1225 suggested

Is it possible you had someone login to help you setup or troubleshoot at some point?

No, I was the only one. System has been operating for 5 years.

Yes, I am reading on upgrading the firmware. I just dread I doesn't get bricked.

 

[Nick70068]

Okay, if someone was able to access the login page of the NVR, How are they able to get into the system without knowing the correct password? BTW, all passwords are strong on my systems.

 

[bigredfish]

Could be lucky, could be automated brute force, could have been a vulnerability that wasnt patched.

 

[bigredfish]

There are two FW's available on the Dahua site. Make sure if your model is a 4KS2 or 4KS2E

Dahua Technology - World-leading Video-centric AIoT Solution and Service Provide

Dahua Technology

www.dahuasecurity.com

 

[wittaj]

Same as Windows dude
Do we really want to compare the number of Windows vulnerabilities to a Dahua NVR?

If you really want to go there LOL...

We seem to see more people coming here with hacked NVRs than hacked BI where the computer was only used for BI...now someone using the computer for the daily use computer and BI and opened ports, yeah that is opening up a can of worms, just like opening ports for an NVR.

Show me a vulnerability that Windows has that they didn't close immediately and show me how quickly (it isn't) Dahua sends out a firmware update to close a vulnerability.

Sure windows has lots of attempts and vulnerabilities found because the number of people using windows is orders of magnitude greater than those using NVRs so they target the platforms with the most users..what anti-virus software is running on an NVR again?

Heck windows sends out more updates in a month than Dahua does for an NVR over its entire life.

How many times do we see a dahua firmware update come out to fix a vulnerability discovered a year prior - it seems that is the case more often than not. In most instances it is days when a windows vulnerability is found.

Prove me wrong LOL....

I get it, we each are going to defend our preference for a VMS system LOL

As you and I both preach, it is better to set up VPN regardless of which VMS/NVR is used.

 

[steve1225]

We seem to see more people coming here with hacked NVRs than hacked BI where the computer was only used for BI...now someone using the computer for the daily use computer and BI and opened ports, yeah that is opening up a can of worms, just like opening ports for an NVR.

Show me a vulnerability that Windows has that they didn't close immediately and show me how quickly (it isn't) Dahua sends out a firmware update to close a vulnerability.

There are 2 problems in Dahua world with automatic firmware updates:

• people don't turn on (or disable this option),
• they have OEM or American version of equipment where automatic updates don't work due changing of model id (lack of DH- for OEM, different model id for Dahua USA models),

Also in NVR world opening port on router is much popular that in Windows / VMS / BI world..

Big plus of Dahua - there is fresh security advisory with many vulnerabilities (2024-07-31)..
In July & August Dahua refreshed firmware for all cam & NVR lines, even deprecated for some time..

Security Advisory –Vulnerabilities found in some Dahua products - Dahua International

Security Advisory –Vulnerabilities found in some Dahua products

www.dahuasecurity.com

Of course they didn't tell about this security advisory in release notes, which were usually empty..
But they reacted..

 

[wittaj]

It certainly doesn't help that most here preach don't update cameras and NVRs due to so many bricking their device for variety of reasons (wrong firmware or the device simply wonks out). When was the last time a computer bricked updating windows?

So the question always comes is it worth the risk to update and have a plan b in case it goes south.

Or keep stuff off the internet to reduce the vulnerabilities.

 

[bigredfish]

If you really want to go there LOL...

We seem to see more people coming here with hacked NVRs than hacked BI where the computer was only used for BI...now someone using the computer for the daily use computer and BI and opened ports, yeah that is opening up a can of worms, just like opening ports for an NVR.

Show me a vulnerability that Windows has that they didn't close immediately and show me how quickly (it isn't) Dahua sends out a firmware update to close a vulnerability.

Sure windows has lots of attempts and vulnerabilities found because the number of people using windows is orders of magnitude greater than those using NVRs so they target the platforms with the most users..what anti-virus software is running on an NVR again?

Heck windows sends out more updates in a month than Dahua does for an NVR over its entire life.

How many times do we see a dahua firmware update come out to fix a vulnerability discovered a year prior - it seems that is the case more often than not. In most instances it is days when a windows vulnerability is found.

Prove me wrong LOL....

I get it, we each are going to defend our preference for a VMS system LOL

As you and I both preach, it is better to set up VPN regardless of which VMS/NVR is used.

I see VERY few hacked NVR's. Yes it happens due to users opening ports for their cameras. Saying Windows doesnt get hacked at least as often isnt serious.

 

[tigerwillow1]

My NVR has never been hacked that I'm aware of. Ditto for win7 and linux. Last time I had a known hack was on XP