DS-2CD2332 changing password on its own

spotco2 · Apr 11, 2020

I have an older DS-2CD2332 with v5.2.0 14072 (all English but purchased from China) and CCH in the serial number that randomly will not connect due to it's password being incorrect. I can use the tool here to easily reset the password and it works great. Sometimes it continues to work for anywhere from a few days to a few weeks before I have to reset it again.

I'm happy with the camera when it works and see no reason to change it until it is completely dead. I have other Hikvision cameras on the same network with no issues.

Could this be a firmware or software issue with the camera? It worked fine for a very long time and only recently started doing this last year.

alastairstevenson · Apr 11, 2020

spotco2 said:
Could this be a firmware or software issue with the camera? It worked fine for a very long time and only recently started doing this last year.

It's very likely being hacked due to inbound access from the internet being allowed.
Next time it happens, try 1111aaaa or asdf1234 for the password.
If that works, it will confirm it, these are commonly used by the hackbots.

Have you set up port forwarding so you can access the camera remotely?
If so - that puts your LAN, the devices on it and their data at serious risk of being compromised with a camera that has the Hikvision backdoor vulnerability.
Best not to do that - check out how to set up a VPN remote access solution instead. Lots of 'how-tos' and user experiences on the forum.

If you have not set up port forwarding - the camera could be doing it itself if UPnP is enabled in your router.
First check what ports are open using the 'full port scan' from ShieldsUp! here :

GRC | ShieldsUP! — Internet Vulnerability Profiling

GRC Internet Security Detection System

www.grc.com

Then disable UPnP in the router, and also in the camera.
Restart the router and re-check for open ports using ShieldsUp! again.

spotco2 · Apr 11, 2020

Thank you for the response.

I've tried those passwords before when it happened and they did not work.

I do not have port forwarding enabled on anything on our home network. I ran the scan and it said it was rejected, so I guess we are good there.

fenderman · Apr 11, 2020

spotco2 said:
Thank you for the response.

I've tried those passwords before when it happened and they did not work.

I do not have port forwarding enabled on anything on our home network. I ran the scan and it said it was rejected, so I guess we are good there.

Read his post again. You likely have upnp enabled.

lewic · Apr 11, 2020

You likely have an older firmware. I believe anything 5.3.0 and below have this issue where the camera will "forget" it's password. They even have the issue where it forgets the date and changes it to a 1-1-1970 date. Upgrade it to firmware 5.4.0 and up and that should fix it.

spotco2 · Apr 11, 2020

fenderman said:
Read his post again. You likely have upnp enabled.

Ah, this one was checked. I just unchecked it and saved.

Think that was it?

fenderman · Apr 11, 2020

spotco2 said:
Ah, this one was checked. I just unchecked it and saved.

Think that was it?

Yes. Ensure you have it disabled in your router as well.

spotco2 · Apr 12, 2020

fenderman said:
Yes. Ensure you have it disabled in your router as well.

It was checked on the router as well. Will unchecking this on the router have any negative effects on connecting devises on my network in the future?

fenderman · Apr 12, 2020

spotco2 said:
It was checked on the router as well. Will unchecking this on the router have any negative effects on connecting devises on my network in the future?

No. Anything that needs it is not secure. Uncheck it.

Mike A. · Apr 12, 2020

Also check what ports are now open on the router and close any not needed. Unchecking the UPnP on the router and cam usually doesn't change what's already been opened up on the router. Just stops opening from there forward.

alastairstevenson · Apr 12, 2020

lewic said:
You likely have an older firmware. I believe anything 5.3.0 and below have this issue where the camera will "forget" it's password. They even have the issue where it forgets the date and changes it to a 1-1-1970 date.

That's the Hikvision backdoor vulnerability and UPnP on by default and the internet messing with it, changing the password, defaulting the configuration etc etc.

lewic said:
Upgrade it to firmware 5.4.0 and up and that should fix it.

Many of the R0 series in use are Chinese cameras with hacked firmware.
There is a good chance any firmware update would brick it, unless it has been permanently converted to EN from CN.

alastairstevenson · Apr 12, 2020

spotco2 said:
I ran the scan and it said it was rejected, so I guess we are good there.

I've not seen ShieldsUp! say that before - normally the result is a vulnerability assessment.
You WILL have had open ports, based on the UPnP status in the camera and router and the password issues.

alastairstevenson said:
Then disable UPnP in the router, and also in the camera.
Restart the router and re-check for open ports using ShieldsUp! again.

Best to restart the router to flush any settings no longer wanted.

spotco2 · Apr 13, 2020

alastairstevenson said:
I've not seen ShieldsUp! say that before - normally the result is a vulnerability assessment.
You WILL have had open ports, based on the UPnP status in the camera and router and the password issues.

Best to restart the router to flush any settings no longer wanted.

spotco2 · Apr 13, 2020

Mike A. said:
Also check what ports are now open on the router and close any not needed. Unchecking the UPnP on the router and cam usually doesn't change what's already been opened up on the router. Just stops opening from there forward.

I honestly do not know how to do that.

alastairstevenson · Apr 13, 2020

spotco2 said:
I ran the scan and it said it was rejected, so I guess we are good there.

You ran the wrong test, you ran the UPnP test, not the full port scan.

alastairstevenson said:
First check what ports are open using the 'full port scan' from ShieldsUp! here :

It's history now anyway, you've shut down the inbound access that you didn't know existed.
Hopefully the "changing password problem" will also be history.

Mike A. · Apr 13, 2020

spotco2 said:
I honestly do not know how to do that.

What router do you have? For all there will be a place that shows what's been opened/forwarded/triggers/etc.

spotco2 · Apr 14, 2020

Mike A. said:
What router do you have? For all there will be a place that shows what's been opened/forwarded/triggers/etc.

Linksys EA6900

Mike A. · Apr 14, 2020

spotco2 said:
Linksys EA6900

Don't know the Linksys well but looks like it would be under the Security section.

spotco2 · Apr 14, 2020

Mike A. said:
Don't know the Linksys well but looks like it would be under the Security section.

All of those tabs are blank.

spotco2 · Apr 14, 2020

Well, it appears that around 4am this morning I lost the camera again. Now SADP tool can not even see the camera.

Search

DS-2CD2332 changing password on its own

spotco2

Young grasshopper

alastairstevenson

GRC | ShieldsUP! — Internet Vulnerability Profiling

spotco2

Young grasshopper

fenderman

lewic

Getting the hang of it

spotco2

Young grasshopper

Attachments

fenderman

spotco2

Young grasshopper

fenderman

Mike A.

Known around here

alastairstevenson

alastairstevenson

spotco2

Young grasshopper

Attachments

spotco2

Young grasshopper

alastairstevenson

Mike A.

Known around here

spotco2

Young grasshopper

Mike A.

Known around here

spotco2

Young grasshopper

Attachments

spotco2

Young grasshopper