Menu
What's new

Hikvision camera resets ITSELF to factory default twice!

S

Sparkey

Pulling my weight
Joined
Apr 3, 2015
Messages
237
Reaction score
159
No ports are listed and the router doesn't respond to UPNP probes.
 
S

Sparkey

Pulling my weight
Joined
Apr 3, 2015
Messages
237
Reaction score
159
Thanks. Need to access the camera from off site, hence the port forwarding. Is there another way to do it?

Sorry, meant to say access Blue Iris from off site.
 
S

Sparkey

Pulling my weight
Joined
Apr 3, 2015
Messages
237
Reaction score
159
Good point. I have no idea. I can access Blue Iris remotely so the port is open.

OK, after making adjustment yesterday, it made it through the night without resetting. Hopefully this has taken care of the problem. One thing I did that I didn't see mentioned in this thread is I blocked the camera from the Internet in the Router.
 
Last edited:
fenderman

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,902
Reaction score
21,274
alastairstevenson said:
Yes, that was clear.
But I was just curious why the Blue Iris forwarded port did not show up on the ShieldsUp! full port scan.
It suggests the scan was incomplete.
Click to expand...
he likely only clicked on the upnp test...the other tests are easy to miss below it..it also apprears that the all service port scan only looks at the first 1052 ports...
 
sameri

sameri

n3wb
Joined
Nov 21, 2017
Messages
6
Reaction score
3
Location
Australia
Hey All. First post. Found this thread through the same unfortunate circumstances as most others. I have 6 cameras all with unique ports and passwords and woke to find that 3 of them had reset to factory. They are the older of the lot so I'm assuming it is attributed to this backdoor issue. I DO NOT use port forwarding BUT I found that UPnP was turned on in my router. I've now turned it off and checked my PC on ShieldsUp! as recommended above. I've found that 4 of my ports are open but no idea if a) this is normal and b) how to stealth them if it's not. Anyone able to shed light?

Also, hopefully I don't cloud the issue but I've only been able to "restore" 1 out of the 3 factory reset cameras. I can set the IP addresses of the other 2 using the SADP tool but when I go to log in on the web interface I get "Network Abnormal" on one camera (a DS-2CD3132F-IW) and "The account is locked, please try again 20 minutes later" on the other (a DS-2CD2132-I) ... And yes I've waited 20 minutes :)

I've searched the forum as best I can and not found anything to solve it. Can anyone point me towards something that may help? Happy to start up a new thread if that's better.
 
alastairstevenson

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,963
Reaction score
6,794
Location
Scotland
sameri said:
I found that UPnP was turned on in my router. I've now turned it off and checked my PC on ShieldsUp! as recommended above. I've found that 4 of my ports are open but no idea if a) this is normal and b) how to stealth them if it's not.
Click to expand...
There are default NAT/UPnP settings in the camera that will configure open ports in the router, given that the router allows this. It presumably won't now, but I suspect that to clear those that are persisting you need to reboot the router.
sameri said:
I go to log in on the web interface I get "Network Abnormal" on one camera
Click to expand...
Check also the default gateway and subnet mask matches the range of the IP address you've set.
sameri said:
"The account is locked, please try again 20 minutes later" on the other (a DS-2CD2132-I) ... And yes I've waited 20 minutes
Click to expand...
Do you have the camera connected to an NVR? That will have the original password configured?
It is possible that the password has been changed to something you don't know - the backdoor exploit can be used to do anything, and does not require any of the original passwords to do this.

Once you have them all back to normal, you could consider doing the 'enhanced mtd hack' (assuming these are China market cameras) so that the firmware can be updated to a backdoor-fixed version.
 
sameri

sameri

n3wb
Joined
Nov 21, 2017
Messages
6
Reaction score
3
Location
Australia
alastairstevenson said:
There are default NAT/UPnP settings in the camera that will configure open ports in the router, given that the router allows this. It presumably won't now, but I suspect that to clear those that are persisting you need to reboot the router.
Click to expand...
Understood. I shall reboot the router.

alastairstevenson said:
Check also the default gateway and subnet mask matches the range of the IP address you've set.

Do you have the camera connected to an NVR? That will have the original password configured?
It is possible that the password has been changed to something you don't know - the backdoor exploit can be used to do anything, and does not require any of the original passwords to do this.
Click to expand...
So I don't hijack this thread, I've asked my question in a separate thread with more detail... Hopefully that's the best thing to do. "Network Abnormal" & "The account is locked, please try again 20 minutes" Error after Factory Reset

alastairstevenson said:
Once you have them all back to normal, you could consider doing the 'enhanced mtd hack' (assuming these are China market cameras) so that the firmware can be updated to a backdoor-fixed version.
Click to expand...
Is that the procedure outlined in this thread: Hikvision DS-2CD2x32-I (R0) brick-fix tool / full upgrade method / fixup roundup.
 
sameri

sameri

n3wb
Joined
Nov 21, 2017
Messages
6
Reaction score
3
Location
Australia
alastairstevenson you are a legend buddy. All cameras on my network now running Firmware 5.4.5 and I'm feeling a lot more secure.

Obviously was also able to sort out the network issue simply by turning off the NVR as was originally suggested...
 
You must log in or register to reply here.
Top