It sounds like they are accessible from the internet.
Deliberate, or unintentional?
And they must be vulnerable to the Hikvision backdoor exploit for the reset tool to work.
It was over the course of a few months, one of my cam kept going offline, I thought it was just defective because it kept resetting to the default password (12345abc) so I changed it back and it was fine. Eventually I just couldn't access it anymore so I replaced it thinking it failed. Then the next hikvision cam would go offline too... and then the next one as well (I could still see them connected to my router, but didn't think much of it). I just thought hikvision cams I bought on ebay were crap so I went and ordered some dahua cams last week.
And then I just found out about the backdoor exploit. Tried the tool and easily changed the password and all cams were back online.
So yeah I'm still reading on how to make it more secure/disable access to internet
They're all on the V5.2.5build 141201 firmware (DS-2CD3132F-IW). I'm not sure if I can upgrade it since they were bought from ebay (A bit afraid of bricking them
) **edit: Seems a bit too troublesome to upgrade so I'll leave it as is.
I also found out that maybe the wifi was on(?) Apparently can't disable it on this firmware version, the SSID was 'davinci' by default and not secured.
Disabled UPnP on both cams and router
Disabled Telnet, SSH, NTP, P2P, WPS
Cleared DNS server
If I'm missing anything, feel free to let me know