Cameras RESETTING to DEFAULT by themselves, loosing IP address

[peterk12]

Hello
I have 4 Hikvision cameras, grey import I believe.
3 x DS-2CD2335-i2
1 x DS-2CD2232-i5
So I have 2 models of cameras, running on Blue Iris, all perfectly for over 1 year.

Problems is , both models of cameras will every day or two , RESET to FACTORY settings so I will loose conections.
Usually one camera will do this once every 24-48 hours... and then one of the other 4 will do it. However the most common one I think is the most active one at the front of the house, so one does it way more than the others.
The camera become INACTIVE ( I must reactive it on IVMS4200 ), will loose the password, will loose all IP address settings and reacquire the factory IP address. I then have to spend a few minuets resetting everything up with IVMS4200 /SADP tool software.

Being a grey import , I'm told I cant upgrade FIRMWARE.. but I'm not sure if this is indeed the problem.

Is there a "common" problem that explains the cameras resetting themselves to default?

Help is so much appreciated.
regards
Peter

 

[Moorsie]

I have the same issue even after the firmware updates. To the point where I think I am going to have replace the cameras as at the moment they only light up at night!

 

[alastairstevenson]

Is there a "common" problem that explains the cameras resetting themselves to default?

Yes, the automated hacking that resulted from the publication of exploit details of the 'Hikvision backdoor' serious vulnerability.
All your cameras are running vulnerable versions of firmware.
And presumably you are exposing them to the internet for the bots to access.

Being a grey import , I'm told I cant upgrade FIRMWARE..

Plenty of people have upgraded their R0 CN cameras following the large-scale problems.
Check this out : Hikvision DS-2CD2x32-I (R0) brick-fix tool / full upgrade method / fixup roundup.
.
Note, by the way, that setting strong passwords will not protect against this hack.
Stop the port forwarding until you can set up more secure remote access such as a VPN.

 

[marku2]

Yes, the automated hacking that resulted from the publication of exploit details of the 'Hikvision backdoor' serious vulnerability.
All your cameras are running vulnerable versions of firmware.
And presumably you are exposing them to the internet for the bots to access.

Plenty of people have upgraded their R0 CN cameras following the large-scale problems.
Check this out : Hikvision DS-2CD2x32-I (R0) brick-fix tool / full upgrade method / fixup roundup.
.
Note, by the way, that setting strong passwords will not protect against this hack.
Stop the port forwarding until you can set up more secure remote access such as a VPN.

Won’t be long now and you will be able to explore this intriguing situation Alastair

 

[alastairstevenson]

Won’t be long now and you will be able to explore this intriguing situation Alastair

Yes indeed, I'm looking forward to it, counting the hours ...
I hope I'm up to it.

 

[anderson110]

I am also suffering the same problem. However, the twist for me is I am not port forwarding anything, and I don't think I ever was.

Wait a minute.

From the default settings, uPNP is checked. Does this mean my camera was exposed to the internet, even if my router did not have any port forwarding set up?

 

[Jablan]

Yes, upnp portforwards automaticaly

 

[alastairstevenson]

From the default settings, uPNP is checked. Does this mean my camera was exposed to the internet, even if my router did not have any port forwarding set up?

This suggests that the router has UPnP enabled - which would also allow any other device on your LAN to open ports from the internet to internal destinations on your LAN.

Suggestion:
Check the current inbound holes if any in your router with something like ShieldsUp! (all ports) GRC | ShieldsUP! — Internet Vulnerability Profiling  
and hope for no surprises.
If you're curious you could (temporarily) re-enable UPnP on the camera to see the effects.
Then go in to your router admin pages and turn off UPnP.

 

[anderson110]

This suggests that the router has UPnP enabled

Indeed, that was also enabled by default.

- which would also allow any other device on your LAN to open ports from the internet to internal destinations on your LAN.

Yep.

Suggestion:
Check the current inbound holes if any in your router with something like ShieldsUp! (all ports) GRC | ShieldsUP! — Internet Vulnerability Profiling
and hope for no surprises.
If you're curious you could (temporarily) re-enable UPnP on the camera to see the effects.
Then go in to your router admin pages and turn off UPnP.

Kind of stunning to me that this is enabled by default on both sides. I was under the impression that if I didn't explicitly port forward anything, then nothing was exposed to the internet. That was wrong. I turned it off both places.

Should my camera stop resetting to factory now?

 

[dougsingle]

I am having the same issue with 20 cameras... they have been down a month while I try to run the necessary hacks to get them to 5.4.5.... luckily, I found that by changing the default ports that my cameras ran on...they have all been running for about 5 days now. They didn't run for 5 hours using the default setup. Maybe you might have the same luck...

 

[eXtremer]

Guys, obviously the scanners that use the exploit are scanning port 8000 by default, so if you change the port number you will 99.9% get rid of the problem, but it's better to upgraded to the latest firmware.

 

[o6blink]

Same problem here and a dumby question but need to start somewhere: How do I disable port forwarding on the hikvision cameras in IVMS? I have one of my cameras that keeps factory resetting because of the hack.

Also mentioned about setting up a VPN. How can I go about this? Thanks ahead

 

[mvaldes]

Hello,
I’ve two IPC camera model DS-2CD2132F-IS that I bought two years ago from a UK seller.
I’ve been using these IPC cams since then attached to a Synology NAS and its Surveillance Software.
Everything was fine but NAS was very slow so I decided to buy an Hikvision NVR
One week ago I connected the new NAS and suddenly both cameras start resetting themselves to factory default.
I thought that probably a firmware update of the new received NVR could solve the problem, but it didn’t
I then decided to update the firmware of the cameras since both have 5.2.5 141201

Took the first one, send the firmware form web GUI..... and that is the exact moment when I discovered that i have two chinese version camera and that I have bricked one of them
I found this site (too late…) and I’ve been able to restore the 5.2.5 141201 firmware on that camera (thank you so much guy for you precious job….)
I then decided to revert back to the Synology NAS but the unbricked camera still resetting itself to factory default while the one with original firmware is rock solid.

The very strange things is that these camera began resetting only when I connected them to a Hikvision NVR.
Why the original firmware is safe on Sinology NAS while the firmware that I used to unbrick the camera is not safe on the same NAS ?

 

[alastairstevenson]

Check if you are allowing access from the internet into your LAN, either deliberately or without realising it (eg UPnP enabled on a camera / NVR / NAS and your router) by checking all ports with a service such as ShieldsUp! GRC | ShieldsUP! — Internet Vulnerability Profiling  

 

[mvaldes]

Checked with ShieldsUP but no ports open.
There was the UPnP and EZIVIZ P2P enabled on both cameras. I've disabled both option and now the camera didn't reset again to factory default.
Anyway, in the next days I will try to update the firmware to the latest version, so I can try again the Hikvision NVR

 

[alastairstevenson]

There was the UPnP and EZIVIZ P2P enabled on both cameras.

It sounds like the router doesn't have UPnP enabled, otherwise you would have found some open ports you didn't know about.

 

[reeves1985]

I too have been experiencing this on 2 2023 grey imports and also the huisun ptz speed dome.
The only similarity betwen the 2 brands is they are all connected to a hikvision nvr.

Bern running fine for a few years up until a few months ago.
Though the cameras were on the blink.
Been away from the scene a while with other things going on but I'm glad I've seen this.
I' going to have to go into my virgin hub 3 and see if anything going on as it' correlates to me receiving a new hub from virgin as well.

Far too coincidental for my liking.

 

[alastairstevenson]

The only similarity betwen the 2 brands is they are all connected to a hikvision nvr.

Maybe there is a Hikvision NVR backdoor that's being exploited, in a similar way to the Hikvision camera backdoor.
A bit of a coincidence that this is happening to a few users.

 

[reeves1985]

Maybe there is a Hikvision NVR backdoor that's being exploited, in a similar way to the Hikvision camera backdoor.
A bit of a coincidence that this is happening to a few users.

Yes definitely
I' going to hae to have a look in my virgin router to see if anything is open as with them all being grey imports of rather not update unless I really have to