Dahua NVR Web Interface

coder7 · 2025-01-14T12:36:44-0500

Hello,

This is my first message here! I am looking to set up a security system for my home and wanted to get some info about the Dahua NVRs.

I was originally thinking of Unifi Protect stuff but their cameras are not very high quality and their ONVIF support is at its infancy. Basically it's just a video recorder for ONVIF cameras.

I see that Empire Tech cameras are highly recommended but I need an NVR to record their footage with AI features and that brings me to my main questions.

Does the Dahua NVR web interface have the full feature list of the HDMI/local interface? This NVR will be in a closet and never be hooked up to an HDMI display.
Does the web interface require any plugins to be installed? I want to minimize security flaws and this would be a show stopper. My plan is to completely block the internet access of the NVR but if I am installing either a desktop app or a desktop plugin/exe that defeats the purpose of security. Surely a browser can make web calls but the exploits are pretty limited in that use case.
What about choosing a different brand of NVR to go with Dahua/Empire Tech cameras? I say Empire Tech because as far as I understand Dahua is banned from sales in US.

Thanks!

bigredfish · 2025-01-14T12:41:05-0500

The Web UI in many cases has MORE than the machine interface

The newer NVRs with newer cams do not. That said, it can still be somewhat browser dependent. But the plugins that they ask for aren't downloaed from the Internet but from the camera itself

Regardless of manufacturer, its best to stay with the same brand NVR as cameras. No way every NVR makes can keep up with all of the changing/new features of hundreds of models of OTHER manufacturers cameras and more than Chevy can accept Ford fenders

coder7 · 2025-01-14T12:43:38-0500

bigredfish said:
The Web UI in many cases has MORE than the machine interface

The newer NVRs with newer cams do not. That said, it can still be somewhat browser dependent. But the plugins that they ask for aren't downloaed from the Internet but from the camera itself

Regardless of manufacturer, its best to stay with the same brand NVR as cameras. No way every NVR makes can keep up with all of the changing/new features of hundreds of models of OTHER manufacturers cameras and more than Chevy can accept Ford fenders

Plugin downloaded from the camera itself does not make it any safer though. Are you saying Dahua NVRs still require a plugin to be installed even in their latest NVR 5 systems? I see some posts about this topic but they are pretty old.

bigredfish · 2025-01-14T12:48:39-0500

Not if using the latest FW and camera models. It will ask, but depending on browser you can safely say no and ignore. Mostly IE specific

I can say with many years doing this that the plugin Dahua used to ask for and the one that current models sometimes do (depending on browser and are downloaded from the camera) are 1000% safer that the exposure your router, PC, and Smart TV get every day.

I have one I accepted about a year ago which I can see on my firewall has never attempted an outside connection of any type. Same can NOT be said of my Samsung TV. People are too puckered over current plugins due to security issues of 10 years ago

bigredfish · 2025-01-14T12:55:12-0500

Example

Here's a login on a Win 11 laptop, using Chrome.

On the login screen and once in the UI I get requests to download the plugin, I just say NO and everything works fine

wittaj · 2025-01-14T12:55:45-0500

If you properly set up your system, the plug-in, if needed, is fine.

As pointed out, most of the newer cameras don't need it, but there are a few specialty cameras that to access every feature you may need the plug-in. Now if you don't need that feature, then you don't need the download.

I have an old computer that is only used for setting up cameras - it isn't connected to my network or the internet - it is a complete stand-alone. I set everything up on that and then my VMS system works fine without needing a plug-in.

How do you plan to access the NVR remotely - using the NVR app or a web browser?

If you are a homeowner or business owner, the NDAA ban doesn't impact you. EmpireTech gear is still allowed to be sold in the USA.

We have had many people come here thinking they need to get NDAA complaint stuff because some article scared them and in most instances once they learned what NDAA really meant and who it applied to and how poor the cameras perform, they then went and got Dahua or Hikvsion OEM as they represented the best overall value in terms of cost and performance.

The real issue that NDAA doesn't address is EVERY camera can be hacked, even NDAA cameras and NVRs. Don't let your cameras touch the internet and you won't have a problem.

Block the cams from the internet and go with the best bang for the buck and that will be Dahua and Hikvision OEMs.

Well known NDAA compliant companies have been hacked, thus showing that the ban and only using NDAA compliant devices like Verkada doesn't protect you if you give them internet access.

Sadly, too many companies have jumped on the NDAA bandwagon and sell subpar performing cameras and NVRs at a premium price all under the disguise of being secure, which they are not.

It is why we recommend DO NOT LET YOUR CAMERAS OR NVR TOUCH THE INTERNET. You isolate them via VLAN or dual NIC.

bigredfish · 2025-01-14T12:58:07-0500

wittaj said:
It is why we recommend DO NOT LET YOUR CAMERAS OR NVR TOUCH THE INTERNET. You isolate them via VLAN or dual NIC.

Or by using a PoE NVR which by default puts the cameras on their own subnet

coder7 · 2025-01-14T13:10:17-0500

wittaj said:
If you properly set up your system, the plug-in, if needed, is fine.

As pointed out, most of the newer cameras don't need it, but there are a few specialty cameras that to access every feature you may need the plug-in. Now if you don't need that feature, then you don't need the download.

I have an old computer that is only used for setting up cameras - it isn't connected to my network or the internet - it is a complete stand-alone. I set everything up on that and then my VMS system works fine without needing a plug-in.

How do you plan to access the NVR remotely - using the NVR app or a web browser?

If you are a homeowner or business owner, the NDAA ban doesn't impact you. EmpireTech gear is still allowed to be sold in the USA.

We have had many people come here thinking they need to get NDAA complaint stuff because some article scared them and in most instances once they learned what NDAA really meant and who it applied to and how poor the cameras perform, they then went and got Dahua or Hikvsion OEM as they represented the best overall value in terms of cost and performance.

The real issue that NDAA doesn't address is EVERY camera can be hacked, even NDAA cameras and NVRs. Don't let your cameras touch the internet and you won't have a problem.

Block the cams from the internet and go with the best bang for the buck and that will be Dahua and Hikvision OEMs.

Well known NDAA compliant companies have been hacked, thus showing that the ban and only using NDAA compliant devices like Verkada doesn't protect you if you give them internet access.

Sadly, too many companies have jumped on the NDAA bandwagon and sell subpar performing cameras and NVRs at a premium price all under the disguise of being secure, which they are not.

It is why we recommend DO NOT LET YOUR CAMERAS OR NVR TOUCH THE INTERNET. You isolate them via VLAN or dual NIC.

I plan to access the NVR web interface either locally over WIFI/ethernet or via VPN remotely. Never direct internet access.

Do the mobile notifications for stuff like motion detection work if your phone is connected to the same local network?

wittaj · 2025-01-14T13:17:05-0500

coder7 said:
I plan to access the NVR web interface either locally over WIFI/ethernet or via VPN remotely. Never direct internet access.

Do the mobile notifications for stuff like motion detection work if your phone is connected to the same local network?

There are some "quirks" to that and how to set it up and will let @bigredfish answer, but I think if you don't use the app and want to access the NVR via just the browser, you won't get push notifications.

coder7 · 2025-01-14T13:25:44-0500

wittaj said:
There are some "quirks" to that and how to set it up and will let @bigredfish answer, but I think if you don't use the app and want to access the NVR via just the browser, you won't get push notifications.

I was talking about using the DMSS mobile app. That's the one for Dahua NVRs, right? Does that app require the cameras to be exposed to internet to get the notifications?

wittaj · 2025-01-14T13:30:24-0500

coder7 said:
I was talking about using the DMSS mobile app. That's the one for Dahua NVRs, right? Does that app require the cameras to be exposed to internet to get the notifications?

Yes that is the one for Dahua.

That is why I asked how you planned to view it - with the app or the browser.

It makes a difference.

There is a new member here that is so concerned about security that they don't want to use the DMSS app or SmartPSS light and instead plans to use the web browser for NVR viewing.

The cameras do not need to be exposed to the internet to get notifications and they are not exposed to the internet by default, but the NVR does. But if solely a local install, I think you can set DMSS up by LAN IP and will only work locally.

coder7 · 2025-01-14T13:32:48-0500

wittaj said:
Yes that is the one for Dahua.

That is why I asked how you planned to view it - with the app or the browser.

It makes a difference.

There is a new member here that is so concerned about security that they don't want to use the DMSS app or SmartPSS light and instead plans to use the web browser for NVR viewing.

The cameras do not need to be exposed to the internet to get notifications, but the NVR does.

I see, exposing the NVR to internet defeats the point of security. I don't know why they cannot make everything work locally.

bigredfish · 2025-01-14T13:34:15-0500

coder7 said:
I was talking about using the DMSS mobile app. That's the one for Dahua NVRs, right? Does that app require the cameras to be exposed to internet to get the notifications?

NO in recent testing.
Im getting push notifications on DMSS with both P2P off and outside of my wifi on cell connection

Push notifications are separate from P2P

Thread 'Dahua NVR, DMSS and P2P - How are they connected?'

Jan 2, 2025

So this is just a thread on my own testing/research of Dahua NVRs and how they interact with Dahua P2P and the DMSS app. YMMV
It can get quite complicated....and I caution that there have been different results from past versions of the DMSS app. SO, if you're using an old version of the app you may see different results.

Part #1)
Testing Remote Push Notifications

Lets start with how a Dahua NVR (older model NVR5216-16P-4K2SE) interacts with the DMSS app (Version - 1.99.842 / 11/12/2024 - reasonably new) to send you push alerts
I have no reason to believe that newer NVRs...

bigredfish · 2025-01-14T13:35:28-0500

My NVR currently is NOT exposed (well its on my LAN but not reachable from outside.) I have no P2P turned on and no port forwarding and I still get push alerts

coder7 · 2025-01-14T13:39:34-0500

bigredfish said:
My NVR currently is NOT exposed (well its on my LAN but not reachable from outside.) I have no P2P turned on and no port forwarding and I still get push alerts

OK this is good news and different than what mittaj mentioned if I understood correctly.

Are all of your cameras hooked up to the NVR? If so, do the cameras even get an IP in your local network or the only way to access them is via NVR indirectly?

Another potential setup would be to connect the cameras directly to my managed POE switch. Would I get any benefit out of this sort of setup? Do you get more advanced features using the DMSS app because it has direct access to the camera?

bigredfish · 2025-01-14T13:46:04-0500

I have 2 of 11 that are NOT connected to the NVR PoE ports. They are assigned static IPs on my LAN.
The ones connected to NVR PoE ports get put on a subnet of 10.1.1.x and cant be reached from outside even IF you were to allow outside access to the NVR. UNLESS you VPN in, in which case the NVR senses you are on the LAN

Yes you must access cameras on the internal NVR PoE ports indirectly via the NVR blue IE buttons

You can run a mix of cameras connected direct to the NVR PoE ports as well as external cameras on the LAN

I have two cameras on an unmanaged switch on the LAN. I've not tried using them on a VLAN

wittaj · 2025-01-14T13:51:42-0500

coder7 said:
OK this is good news and different than what mittaj mentioned if I understood correctly.

Are all of your cameras hooked up to the NVR? If so, do the cameras even get an IP in your local network or the only way to access them is via NVR indirectly?

Another potential setup would be to connect the cameras directly to my managed POE switch. Would I get any benefit out of this sort of setup? Do you get more advanced features using the DMSS app because it has direct access to the camera?

Make sure you read the post he linked carefully.

The NVR is still reaching out to a push server. That may or may not be OK for you and your situation.

Do you want a complete CCTV in the traditional sense or do you want to be able to access it from other devices and if so there is always a risk even if minimal. The key is minimizing the risk.

The advanced features are always thru the web browser not the app. The app is used for viewing and setting alerts only. Do not make any changes to the system via the DMSS app.

bigredfish · 2025-01-14T13:53:18-0500

wittaj said:
Make sure you read the post he linked carefully.

The NVR is still reaching out to a push server. That may or may not be OK for you and your situation.

Do you want a complete CCTV in the traditional sense or do you want to be able to access it from other devices and if so there is always a risk even if minimal. The key is minimizing the risk.

The advanced features are always thru the web browser not the app. The app is used for viewing and setting alerts only. Do not make any changes to the system via the DMSS app.

^^^^^
This.

Unless we adopt some of that good Alien technology, I'm not aware of how one could get remote out-of-network push alerts without the NVR connecting to some external source.

bigredfish · 2025-01-14T13:56:49-0500

It obviously punches a hole to reach the push.messagepush.org server on AWS. Much like how a VPN does

I could prevent even that with a firewall rule or by turning off push notifications.

coder7 · 2025-01-14T13:57:17-0500

bigredfish said:
^^^^^
This.

Unless we adopt some of that good Alien technology, I'm not aware of how one could get remote out-of-network push alerts without the NVR connecting to some external source.

OK maybe I totally misunderstood. It sounds like you allow the NVR to talk to internet but block incoming traffic to it which a regular router should do anyway if you don't do any sort of port forwarding.

I was hoping that the NVR could directly talk to the app on the phone (app) since they are on the same network when the phone is connected via WIFI to your LAN.

Search

Search

Dahua NVR Web Interface

coder7

n3wb

bigredfish

Known around here

coder7

n3wb

bigredfish

Known around here

bigredfish

Known around here

wittaj

bigredfish

Known around here

coder7

n3wb

wittaj

coder7

n3wb

wittaj

coder7

n3wb

bigredfish

Known around here

Thread 'Dahua NVR, DMSS and P2P - How are they connected?'

bigredfish

Known around here

coder7

n3wb

bigredfish

Known around here

wittaj

bigredfish

Known around here

bigredfish

Known around here

coder7

n3wb