That was an exploit(some might say backdoor :)) which was updated later on, hence you cant get configuration file like that on newer firmware's.
Only possible reset method is via authorized distributer or hikvision itself.
OR flashing same firmware or tad older might factory reset it.
Most of us here are not going to say "thank goodness they got rid of the plug-in and now I can put my cameras on my networks with no worries".
We know the firmware is still compromised and can be hacked. In most cases easily with backdoor exploits.
All I mean is there are tons of articles...
@pc1 has not reported back the findings in a completely isolated system and doing sniffing to see if any funny behavior is going on. I am under the impression he hasn't ran the .exe file yet.
Regardless, in your first situation with Hikvision, I suspect that would have occurred whether you ran...
Hoping you are still on this thread and see this....
I'm having the same issue but with older firmware on my cameras of v5.3.o and NVR V3.0.19 (I don't know what any of this means)
If I am to follow your advice and get the configuration file, would you be able to decode it and get my...
Thanks for answer.
I absolutely agree. it's not just the firmware that's the problem here. some security measures need to be taken in general.
at least basic security should be established. as you mentioned, every day a vulnerability is published and it messes up the system
I never thought of...
Unix and old firmware isn't the issue - these devices are known to have vulnerabilities and backdoor exploits and cameras with brand new current firmware still get hacked. Getting them off the internet is the only way.
Hikvision can be attacked if given internet access. ANY camera can be...
Just keep in mind that is a band-aid solution and as long as you have the cameras on the router, the problem could creep up at any time. Add a new device, streaming stick, phone, etc. and you could be back at the same problem. Add another camera and the system will probably become unstable...
That version of firmware has the Hikvision 'backdoor vulnerability', so you should be able to extract the configuration file with no credentials.
Then it should be able to be decrypted and decoded to reveal the plaintext admin password.
With the camera powered up on the same LAN as the PC, and...
Again, read what you thought was a bot LOL. There are vulnerabilities within P2P itself and the device whether it is a camera or NVR.
Flat out these devices are not secure, which is ironic LOL.
It comes down to your level of convenience and amount of risk you want to take. Everything in life...
Yes, it's been good fun using it!
But be aware, Hikvision did and still do read IPcamtalk and often react to publicly exposed tricks and exploits by fixing up their firmware.
So to counter this 'trojan horse' method of pulling an NVR password they introduced initially an optional and later a...
There are a number of camera vulnerabilities and password reset tools that may be able to help you, if the cameras are old enough.
Most likely the cameras all have the same password, so if any of the cameras are running firmware from 2014-2016, there's a good chance it has a vulnerability that...
Hi.
I have this camera in picture..i flash the bios from another same camera,so there are two mac address appear
i need to log on the shell of camera to get the dev.type value but the ssh or telnet is not connected
this camera R0 or R6 series ??
any idea ??
That would require the admin password for that version of firmware, the 'backdoor vulnerability' has been fixed.
You need to try the 'password reset' process using SADP, which exports a reset request XML file that you send to Hikvision technical support and hope for a response.
The alternative...
Maybe. I think that version of firmware has the 'backdoor vulnerability' that allows the configuration file to be extracted without authentication.
If so - the file can be decrypted and decoded to reveal the admin password.
Suggestion to try :
Assuming the PC is on the same network as the...
Unless the release notes specifically mention it fixing a problem you are experiencing, more than likely it won't fix an issue and may make the camera or NVR worse by removing functionality or worse brick it.
Another thing to consider is that the same model could have different firmware for...
I made an account just to say a big thank you, i found a couple of DS-2CD2T22 discarded in scrap equipment that was going for recycle. It was functional but there was no way to recover admin pass. The password changer worked perfectly, since the cameras were on original firmware. It would be...
Hi, I have a setup with Hikvision NVR, 4 Hikvision Cams and unfortunately 4 No-Name Ip cams. Last week I checked my NVR via Hik-Connect and all these 4 No-Name cams were offline. I first suspect it was hacking because I remembered that I left the cams credentials as admin/admin.:facepalm: I just...
...versions into the public domain.
A well-used tool is hikpack by forum member @montecrypto who discovered one of the original Hikvisionbackdoor vulnerabilities.
The public version is attached.
This still works fairly well on almost all versions of Hikvision NVR firmware, though Hikvision...
...the admin password is
asdf1234
These passwords indicate that both cameras were subject to a hackerbot campaign which used the 'Hikvisionbackdoor vulnerability' when they were exposed directly to the inhternet, possibly by UPnP being enabled on both router and camera, or by port forwarding...
Thanks for the quick response. Greatly appreciated.
To be honest, I did have a cursory look at the TP Link Omada but not in sufficient detail. I am not a networking guy per se and hence I don't want to stuff up too many things.
The reason I selected Cloud Key Gen2 Plus is because it costs...
Hi Everyone
Thank you all for providing your leads in to my needs and extremely sorry for the delayed response. Got awfully busy at work. So once, again sorry!
djernie -> I did look at some of the Dell Optiplex and HP Elite options and they look OK for around AUD 200 and 300. So that's OK...
IP Camera System General Considerations
Information in this section was contributed by @matt200 and @giomania
Common Mistakes
Brand preference: No single manufacturer system or product is able to do it all.
Megapixel (MP) Mania: 4K / 8 MP cameras are great in daylight, but 2 MP cameras...
Most of 5.4.0 has the Hikvision 'backdoor vulnerability'.
Try this (with a PC having an IP address in the same range as the camera) in the browser and see if it emits a configuration file with no credentials prompt :
http://<camera_IP_address>/System/configurationFile?auth=YWRtaW46MTEK
...has used the option to separate the passwords) the camera is Activated using the NVR admin password.
Then, if the camera has the 'Hikvisionbackdoor' vulnerabilty (most except G0 series) the configuration file can be extracted with no authentication.
When decrypted and decoded the password is...
Hi all, I bought an old Annke Cube I61DR and because of the backdoor issue went an upgraded the firmware, In my enthusiasm after seening 4 further upgrade versions I went ahead and installed them one by one, all sucsessfully, now rather pleased with myself..... however it turns out that although...
No, it didn't.
That's a pity, it would have been an easy fix.
The next method (apart from doing things via the serial console connector) would be applying ideally the same firmware version using the Hikvision tftp updater.
https://www.ipcamtalk.com/downloads/tftpserv.9/
But the uncertainty is...
That's a good start.
SADP shows that the firmware version on the camera(s) is in the range where it may have the Hikvision 'backdoor vulnerability'.
If so, the configuration file can be dumped without needing authentication, and decrypting and decoding it will reveal the admin password...