DS-2CD2332 changing password on its own

fenderman · Apr 14, 2020

spotco2 said:
Well, it appears that around 4am this morning I lost the camera again. Now SADP tool can not even see the camera.

Its likely that you have not properly disabled the port forwarding. Hard reset both your router and your camera. Before connecting either to the internet, disable upnp on both.

Mike A. · Apr 14, 2020

Hmmm...

On the cam in the same config section where you found the UPnP setting, look under the tab there that says "Platform Access" and see if that's enabled. If so, then disable the check box and blank out whatever else you can.

Run the ShieldsUp scan again and see if there's anything reported.

Beyond that, not sure what else to check. Could be unrelated to security, especially if running some hacked firmware, but that's the usual issue with changed passwords on those cams (and many others).

spotco2 · Apr 14, 2020

Mike A. said:
Hmmm...

On the cam in the same config section where you found the UPnP setting, look under the tab there that says "Platform Access" and see if that's enabled. If so, then disable the check box and blank out whatever else you can.

Run the ShieldsUp scan again and see if there's anything reported.

Beyond that, not sure what else to check. Could be unrelated to security, especially if running some hacked firmware, but that's the usual issue with changed passwords on those cams (and many others).

I can not access the camera period.

I have not changed anything as far as firmware or software since I purchased and installed it.

Results from scan of ports: 0-1055

0 Ports Open
2 Ports Closed
1054 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be CLOSED were: 80, 554

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

Mike A. · Apr 14, 2020

spotco2 said:
I can not access the camera period...

Sorry, I missed that you said you couldn't access now with SADP . Maybe @alastairstevenson can help with that. He's the master for such things.

The ShieldsUp results makes me wonder some... "Closed" from it I believe means that there's some host/service there but that it refused the connection. Port 554 is RTSP (as used by cams). Not sure why that would show up at all on a port scan of your router unless there was something using RTSP that's exposed in some way through the router.

80 could be lots of things. Not likely the source of your problem here and not sure how Linksys does things but you should figure that out too. Make sure that the router's admin page isn't available externally unless you absolutely need it to be for some reason (likely not). Usually there's some setting for remote administration or something similar.

Edit to add: Actually 80 could be the cam's interface too so...

alastairstevenson · Apr 15, 2020

spotco2 said:
NO PORTS were found to be OPEN.

Ports found to be CLOSED were: 80, 554

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH

This does confirm that inbound access to a device is still possible, quite likely a camera given the 554 port (RTSP).
All ports should be stealthed.

@Mike A. suggestion about Platform Access was valid - it's another vector for hacking activities.

Well, it appears that around 4am this morning I lost the camera again. Now SADP tool can not even see the camera.

If you've power-cycled the camera and still nothing in SADP, it may have been hacked to change more than the password.
With the Hikvision backdoor - anything is possible.

To recover bricked cameras, the brickfixV2 method should yield some results, and allow firmware updates to close the backdoor vulnerability :
It's not too hard, loads of people have used it with good results.
Unbrick and fully upgrade your R0 / DS-2CD2x32 IP cameras -
R0 / DS-2CD2x32 BrickfixV2 brick recovery and full upgrade tool - enhanced.

spotco2 · Apr 15, 2020

Unplugged the camera and plugged it back in today and seems to be working fine. No need to reset the password again.

alastairstevenson · Apr 15, 2020

spotco2 said:
Unplugged the camera and plugged it back in today and seems to be working fine. No need to reset the password again.

That's good.
It would be worth checking ShieldsUp! again.
That inbound access it found is unexplained.
Did you power cycle the router after disabling UPnP?

spotco2 · Apr 23, 2020

alastairstevenson said:
That's good.
It would be worth checking ShieldsUp! again.
That inbound access it found is unexplained.
Did you power cycle the router after disabling UPnP?

Sorry for the delayed response. Yes power cycled router.

Everything seems to be functioning as expected still. I will post back if anything changes. I appreciate all of the help from everyone.

spotco2 · May 20, 2020

Well it disappeared from my network again today. Power cycled the camera and it popped back up.

Search

DS-2CD2332 changing password on its own

fenderman

Mike A.

Known around here

spotco2

Young grasshopper

Mike A.

Known around here

alastairstevenson

spotco2

Young grasshopper

alastairstevenson

spotco2

Young grasshopper

spotco2

Young grasshopper