SVC-B ip camera reset somehow and locked out ( new )

A few night ago my camera stopped working, so I went in to see what was going on and it won't accept my user name or password and of course I am locked out for 20 mins...

Could it have defaulted or something? I hear a clicking sound from it, never good. I see it in the iVMS Uty.

Model: DS-2CD3132
Firmware: V5.2.5

Any suggestions how to reset this thing password or firmware?

Thanks

Update - used the reset tool and it worked, still not sure how I got locked out of the camera, but I am guessing most of my cameras are running old firmware not sure if I should update them or leave it alone?

if you are port forwarding there is a software bug where someone can reset your camera admin password.

disable port forward and set up a vpn to remote access your home/ camers.

search vpn , and vunerability topics.

update your camera to 5.4.0.

but be careful its not chinese else you brick it.

Dilbertic said:

Update - used the reset tool and it worked, still not sure how I got locked out of the camera, but I am guessing most of my cameras are running old firmware not sure if I should update them or leave it alone?

Click to expand...

It's most likely the camera was hacked due to being exposed to the internet.
If you are not doing that very risky thing deliberately, by using 'port forwarding' to allow remote access, then there are a couple of things worth checking:

First of all, check for any open ports by using the very useful tool ShieldsUp! : GRC | ShieldsUP! — Internet Vulnerability Profiling  
Use the Service Ports check fisrt, and also the UPnP check.

Then - check in the camera web GUI whether UPnP and NAT are enabled, if so, disable them.
Check in your router whether UPnP is enabled, if so disable it.
With UPnP active, the camera can tell the router to allow the internet to access it, and your version of firmware still has the 'Hikvision backdoor' vulnerability.
That's how the reset tool operates.

Lastly - recheck with ShieldsUp! that access is no longer possible.

By the way - common passwords set on hacked cameras are 1111aaaa and asdf1234

Thanks for the great information, I ran shields up and the only found issues on the service port, so I went ahead anyways and turned off port triggering and turned off UPnP on my router. I am glad it had the backdoor for the password reset, but otherwise I bought all 8 of my cameras on ebay not knowing much about them and only to find out later updating the firmware might revert them from English, so I am not sure if I should try or just leave it alone? I did upgrade the firmware on NVR and that's been working fine. I do have a no-ip domain, but it hasn't worked right since one of the firmware updates wiped the unit and I don't a dork by not writing down the settings.

I just rechecked all service ports and it looks like the port was closed from the changes I made Strange thing is they only hacked one camera, so I am still thinking it might be a glitch or something, I did hear the camera clicking alot and unplugged it from power for awhile. I don't seem to have luck with dome cameras, it's the 2nd one that has had an issue, another one broke !! btw I did change the password to all of unit when I set them up, maybe I missed one I know one of them had an issue with me trying to mess with it...

Thank again for your help and let me know what you think about trying to update the camera's firmware, I have
1ea = DS-2CD3132 v5.2.5
3ea = SVC-B-3201 v5.3.0
1ea = DS-2CD2232-I v5.2.5
1ea = DS-2CD2032-I v5.3.0
1ea = DS-2CD3345-I v5.3.3

I am running the 1608 NVR

Again Thank You

Dilbertic said:

let me know what you think about trying to update the camera's firmware

Click to expand...

The update possibilities depend on whether these are CN language or EN language cameras.
An indication of CN language is the presence of CCCH in the serial number as see by SADP.
Version 5.4.41 is the minimum Hikvision official backdoor-fixed firmware version.

R0 series camera that are CN language can be converted and updated using the 'enhanced MTD hack'.
See the brickfixV2 method here : R0 / DS-2CD2x32 BrickfixV2 brick recovery and full upgrade tool - enhanced.

These of your cameras are R0 series, which if they are CN language could be given the brickfixV2 method :

Dilbertic said:

1ea = DS-2CD3132 v5.2.5
1ea = DS-2CD2232-I v5.2.5
1ea = DS-2CD2032-I v5.3.0

Click to expand...

Looks like most of them are

3ea CCCH
4ea CCWR
1ea AACH

Well not sure what's going on, but my SVC-B-3201 v5.3.0 camera is now acting the same. I can't login and the reset tool doesn't seem to be working ?

UPDATE: TG these SVC-B cameras that use Hikvision firmware have a reset button on the back, so I had to reset the camera back to default settings, but it doesn't explain how the password is being changed or corrupted.

I checked my firewall and it was pointing to 1 camera, I shut that down, except now if you type in my ip address for my ISP my router remote login page pops up and no clue why that's happening.

Dilbertic said:

UPDATE: TG these SVC-B cameras that use Hikvision firmware have a reset button on the back, so I had to reset the camera back to default settings, but it doesn't explain how the password is being changed or corrupted.

Click to expand...

The 5.3.0 firmware is vulnerable to the 'Hikvision backdoor'.
This means that, if port forwarding is configured, either deliberately or by UPnP being enabled on both router and camera, the entire internet can access the camera.
The camera was probably hacked by one of the many bots that target Hikvision devices.
Messing with the password is a common, fairly harmless exploit by the bots.
Common values changed to ar 1111aaaa and asdf1234

Dilbertic said:

if you type in my ip address for my ISP my router remote login page pops up and no clue why that's happening.

Click to expand...

Wow! That's even worse.
The router has 'remote management' enabled.
With all the vulnerabilities and exploits on routers, that's a big risk.
Best duisable it, and also UPnP, on the router and all your LAN devices.

I turned of UPuP thinking that would fix the issue, and it didn't so guess I need to contact netgear and ask why the router is showing up on the internet.... I know pretty strange

disabling UPNP (and rebooting the router to clear any previously opened ports) only prevents INTERNAL devices (like your NVR or cams) from opening ports on the outside of the router.

If you have 'remote management' enabled in your router's UI, it is opening up that port itself regardless of what any internal clients might be asking for. Poke around in your router's UI to find and disable the remote management option.

Remote management is disabled, I also went back to the NVR and made sure any outward to NOIP and one other was closed, it's still strange it open like that, I will check again later today, Thank you for feedback

Dilbertic said:

Remote management is disabled,

Click to expand...

Odd - if you get the router web GUI from your internet address. That's remote management.

Worth doing would be to verify no open ports on standard service ports, and and a selection of higher ones such as 8000, using ShieldsUp!
GRC | ShieldsUP! — Internet Vulnerability Profiling  

did you restart the router after disabling UPNP and remote management?

I did restart the router, in fact if you turn it off and save it forcing the router to reboot, more or less I think port 80 is open on my router somehow for external admin login, even thought that is turned off on the router