Cameras RESETTING to DEFAULT by themselves, loosing IP address

Discussion in 'Hikvision' started by peterk12, Oct 26, 2017.

Share This Page

  1. peterk12

    peterk12 n3wb

    Joined:
    Sep 23, 2016
    Messages:
    1
    Likes Received:
    0
    Hello
    I have 4 Hikvision cameras, grey import I believe.
    3 x DS-2CD2335-i2
    1 x DS-2CD2232-i5
    So I have 2 models of cameras, running on Blue Iris, all perfectly for over 1 year.

    Problems is , both models of cameras will every day or two , RESET to FACTORY settings so I will loose conections.
    Usually one camera will do this once every 24-48 hours... and then one of the other 4 will do it. However the most common one I think is the most active one at the front of the house, so one does it way more than the others.
    The camera become INACTIVE ( I must reactive it on IVMS4200 ), will loose the password, will loose all IP address hik1.JPG hik2.JPG hik1.JPG hik2.JPG hik3.JPG hik4.JPG hik5.JPG settings and reacquire the factory IP address. I then have to spend a few minuets resetting everything up with IVMS4200 /SADP tool software.

    Being a grey import , I'm told I cant upgrade FIRMWARE.. but I'm not sure if this is indeed the problem.

    Is there a "common" problem that explains the cameras resetting themselves to default?

    Help is so much appreciated.
    regards
    Peter
     
  2. Moorsie

    Moorsie n3wb

    Joined:
    Oct 26, 2017
    Messages:
    1
    Likes Received:
    0
    I have the same issue even after the firmware updates. To the point where I think I am going to have replace the cameras as at the moment they only light up at night!
     
  3. alastairstevenson

    alastairstevenson Known around here

    Joined:
    Oct 28, 2014
    Messages:
    8,625
    Likes Received:
    2,430
    Location:
    Scotland
    Yes, the automated hacking that resulted from the publication of exploit details of the 'Hikvision backdoor' serious vulnerability.
    All your cameras are running vulnerable versions of firmware.
    And presumably you are exposing them to the internet for the bots to access.
    Plenty of people have upgraded their R0 CN cameras following the large-scale problems.
    Check this out : Hikvision DS-2CD2x32-I (R0) brick-fix tool / full upgrade method / fixup roundup.
    .
    Note, by the way, that setting strong passwords will not protect against this hack.
    Stop the port forwarding until you can set up more secure remote access such as a VPN.
     
  4. marku2

    marku2 Getting comfortable

    Joined:
    Dec 23, 2016
    Messages:
    901
    Likes Received:
    251
    Location:
    Australia
    Won’t be long now and you will be able to explore this intriguing situation Alastair
     
    alastairstevenson likes this.
  5. alastairstevenson

    alastairstevenson Known around here

    Joined:
    Oct 28, 2014
    Messages:
    8,625
    Likes Received:
    2,430
    Location:
    Scotland
    Yes indeed, I'm looking forward to it, counting the hours ...
    I hope I'm up to it.
     
    marku2 likes this.
  6. anderson110

    anderson110 n3wb

    Joined:
    Nov 20, 2016
    Messages:
    17
    Likes Received:
    1
    I am also suffering the same problem. However, the twist for me is I am not port forwarding anything, and I don't think I ever was.

    Wait a minute.

    From the default settings, uPNP is checked. Does this mean my camera was exposed to the internet, even if my router did not have any port forwarding set up?
     
    Last edited: Oct 27, 2017
  7. Jablan

    Jablan n3wb

    Joined:
    Mar 31, 2016
    Messages:
    5
    Likes Received:
    0
    Yes, upnp portforwards automaticaly
     
  8. alastairstevenson

    alastairstevenson Known around here

    Joined:
    Oct 28, 2014
    Messages:
    8,625
    Likes Received:
    2,430
    Location:
    Scotland
    This suggests that the router has UPnP enabled - which would also allow any other device on your LAN to open ports from the internet to internal destinations on your LAN.

    Suggestion:
    Check the current inbound holes if any in your router with something like ShieldsUp! (all ports) GRC | ShieldsUP! — Internet Vulnerability Profiling  
    and hope for no surprises.
    If you're curious you could (temporarily) re-enable UPnP on the camera to see the effects.
    Then go in to your router admin pages and turn off UPnP.
     
  9. anderson110

    anderson110 n3wb

    Joined:
    Nov 20, 2016
    Messages:
    17
    Likes Received:
    1
    Indeed, that was also enabled by default.

    Yep.

    Kind of stunning to me that this is enabled by default on both sides. I was under the impression that if I didn't explicitly port forward anything, then nothing was exposed to the internet. That was wrong. I turned it off both places.

    Should my camera stop resetting to factory now?
     
  10. dougsingle

    dougsingle n3wb

    Joined:
    Aug 21, 2016
    Messages:
    1
    Likes Received:
    0
    I am having the same issue with 20 cameras... they have been down a month while I try to run the necessary hacks to get them to 5.4.5.... luckily, I found that by changing the default ports that my cameras ran on...they have all been running for about 5 days now. They didn't run for 5 hours using the default setup. Maybe you might have the same luck...
     
  11. eXtremer

    eXtremer Young grasshopper

    Joined:
    Oct 22, 2015
    Messages:
    94
    Likes Received:
    10
    Guys, obviously the scanners that use the exploit are scanning port 8000 by default, so if you change the port number you will 99.9% get rid of the problem, but it's better to upgraded to the latest firmware.
     
  12. o6blink

    o6blink n3wb

    Joined:
    Oct 29, 2017
    Messages:
    3
    Likes Received:
    0
    Same problem here and a dumby question but need to start somewhere: How do I disable port forwarding on the hikvision cameras in IVMS? I have one of my cameras that keeps factory resetting because of the hack.

    Also mentioned about setting up a VPN. How can I go about this? Thanks ahead
     
  13. mvaldes

    mvaldes n3wb

    Joined:
    Oct 27, 2017
    Messages:
    3
    Likes Received:
    1
    Hello,
    I’ve two IPC camera model DS-2CD2132F-IS that I bought two years ago from a UK seller.
    I’ve been using these IPC cams since then attached to a Synology NAS and its Surveillance Software.
    Everything was fine but NAS was very slow so I decided to buy an Hikvision NVR
    One week ago I connected the new NAS and suddenly both cameras start resetting themselves to factory default.
    I thought that probably a firmware update of the new received NVR could solve the problem, but it didn’t
    I then decided to update the firmware of the cameras since both have 5.2.5 141201

    Took the first one, send the firmware form web GUI..... and that is the exact moment when I discovered that i have two chinese version camera and that I have bricked one of them
    I found this site (too late…) and I’ve been able to restore the 5.2.5 141201 firmware on that camera (thank you so much guy for you precious job….)
    I then decided to revert back to the Synology NAS but the unbricked camera still resetting itself to factory default while the one with original firmware is rock solid.

    The very strange things is that these camera began resetting only when I connected them to a Hikvision NVR.
    Why the original firmware is safe on Sinology NAS while the firmware that I used to unbrick the camera is not safe on the same NAS ?
     
    Last edited: Oct 30, 2017
  14. alastairstevenson

    alastairstevenson Known around here

    Joined:
    Oct 28, 2014
    Messages:
    8,625
    Likes Received:
    2,430
    Location:
    Scotland
  15. mvaldes

    mvaldes n3wb

    Joined:
    Oct 27, 2017
    Messages:
    3
    Likes Received:
    1
    Checked with ShieldsUP but no ports open.
    There was the UPnP and EZIVIZ P2P enabled on both cameras. I've disabled both option and now the camera didn't reset again to factory default.
    Anyway, in the next days I will try to update the firmware to the latest version, so I can try again the Hikvision NVR
     
  16. alastairstevenson

    alastairstevenson Known around here

    Joined:
    Oct 28, 2014
    Messages:
    8,625
    Likes Received:
    2,430
    Location:
    Scotland
    It sounds like the router doesn't have UPnP enabled, otherwise you would have found some open ports you didn't know about.
     
  17. reeves1985

    reeves1985 Pulling my weight

    Joined:
    Sep 13, 2015
    Messages:
    477
    Likes Received:
    142
    I too have been experiencing this on 2 2023 grey imports and also the huisun ptz speed dome.
    The only similarity betwen the 2 brands is they are all connected to a hikvision nvr.

    Bern running fine for a few years up until a few months ago.
    Though the cameras were on the blink.
    Been away from the scene a while with other things going on but I'm glad I've seen this.
    I' going to have to go into my virgin hub 3 and see if anything going on as it' correlates to me receiving a new hub from virgin as well.

    Far too coincidental for my liking.
     
  18. alastairstevenson

    alastairstevenson Known around here

    Joined:
    Oct 28, 2014
    Messages:
    8,625
    Likes Received:
    2,430
    Location:
    Scotland
    Maybe there is a Hikvision NVR backdoor that's being exploited, in a similar way to the Hikvision camera backdoor.
    A bit of a coincidence that this is happening to a few users.
     
    fenderman likes this.
  19. reeves1985

    reeves1985 Pulling my weight

    Joined:
    Sep 13, 2015
    Messages:
    477
    Likes Received:
    142
    Yes definitely
    I' going to hae to have a look in my virgin router to see if anything is open as with them all being grey imports of rather not update unless I really have to