53H20L_S39 admin password unknown

TDragonite · Feb 5, 2019

Hello everyone.
A few years ago I bought a kit of 6 IP cameras and an NVR with proprietary software from a company that offered an annual support contract. They did not give me the admin passwords.

Unfortunately now the company failed, and I find myself in need to have the password of these cameras admin to make changes to the configuration with the CMS software. I searched for a long time on internet, and I found a procedure that requires telnet (I think through a security exploit), but on these cameras it is disabled.
Is there any way to reset or recover the admin password? I would not have to throw everything ....
Also, if there's a way to recover the password, where can I find latest firmware for this cameras?
Thank you in advance!

alastairstevenson · Feb 5, 2019

TDragonite said:
Is there any way to reset or recover the admin password?

Presumably you have checked that they were not left at the default values?
Eg admin and no password

They seem like xiongmaitech cameras - in which case they are very insecure and you may be able to hack them.
Naming & Shaming Web Polluters: Xiongmai — Krebs on Security
A google search might yield an exploit to reset the passwords, or gain admin access.
I've not looked - it's getting late over here .

alastairstevenson · Feb 5, 2019

TDragonite said:
but on these cameras it is disabled.

Maybe on a non-standard port? Try a port scan, if you haven't already.

pozzello · Feb 5, 2019

looks like you already have the latest firmware...
Hangzhou Xiongmai Technology Co.,LTD.-(00002532)IPC53H20L_S38 V4.0.R11.00002532.1

and the Krebs report pointed at by Alastair indicates
<quote>
There is an undocumented user with the name “default,” whose password is “tluafed” (default in reverse). While this user account can’t change system settings, it is still able to view any video streams
</quote>

So you may recover some functionality that way even without admin access...

pozzello · Feb 5, 2019

but hey, you asked about latest firmware, so do you have a way to update the cams despite not knowing the admin password?

If so, re-uploading the same/latest firmware may well put the cams back to factory state with known/default admin password...

TDragonite · Feb 6, 2019

Hi guys,
thank you all for the answers

!

Presumably you have checked that they were not left at the default values?
Eg admin and no password

I've tried with the default credentials (admin, no password, and also other that I've found with Google), they don't work, so I think the company has changed them.

A google search might yield an exploit to reset the passwords, or gain admin access.

The only shared exploit that I've found expect that telnet is enabled and..

Maybe on a non-standard port? Try a port scan, if you haven't already.

.. it's not

I've found only a debug console port but I can't do anything.

but hey, you asked about latest firmware, so do you have a way to update the cams despite not knowing the admin password?

Unfortunately, I was just asking in the case I could recover the admin password. I don't know if I can restore the firmware in another way

.

Again, tnx all for the help!

allthingsspooky · Dec 27, 2019

Try this: Username: admin Password: 111111
or Username: admin Password: admin
or Username: admin Password: 123456 (Worked for me)

Unfortunately most web browsers no longer support the inbuilt software. Good Luck

Search

53H20L_S39 admin password unknown

TDragonite

n3wb

alastairstevenson

alastairstevenson

pozzello

Known around here

pozzello

Known around here

TDragonite

n3wb

allthingsspooky

n3wb

Attachments