Hikvision camera resets ITSELF to factory default twice!

[alastairstevenson]

Any guidance is much appreciated.

Check that the open ports are the ones you expect by doing a full port scan with the ShieldsUp! service : GRC | ShieldsUP! — Internet Vulnerability Profiling  

 

[Sparkey]

No ports are listed and the router doesn't respond to UPNP probes.

 

[alastairstevenson]

No ports are listed and the router doesn't respond to UPNP probes.

All stealthed? That's good.
But what about this one :

Port forwarding is only done to the Blue Iris server

 

[Sparkey]

Thanks. Need to access the camera from off site, hence the port forwarding. Is there another way to do it?

Sorry, meant to say access Blue Iris from off site.

 

[alastairstevenson]

Need to access the camera from off site, hence the port forwarding.

Yes, that was clear.
But I was just curious why the Blue Iris forwarded port did not show up on the ShieldsUp! full port scan.
It suggests the scan was incomplete.

 

[Sparkey]

Good point. I have no idea. I can access Blue Iris remotely so the port is open.

OK, after making adjustment yesterday, it made it through the night without resetting. Hopefully this has taken care of the problem. One thing I did that I didn't see mentioned in this thread is I blocked the camera from the Internet in the Router.

 

[fenderman]

Yes, that was clear.
But I was just curious why the Blue Iris forwarded port did not show up on the ShieldsUp! full port scan.
It suggests the scan was incomplete.

he likely only clicked on the upnp test...the other tests are easy to miss below it..it also apprears that the all service port scan only looks at the first 1052 ports...

 

[alastairstevenson]

he likely only clicked on the upnp test.

Yes, I think you are right.

doing a full port scan

Maybe that wasn't clear enough. I need to find the bold and font size buttons.

 

[alastairstevenson]

OK, after making adjustment yesterday, it made it through the night without resetting. Hopefully this has taken care of the problem.

Well, that's a good step forward.

 

[sameri]

Hey All. First post. Found this thread through the same unfortunate circumstances as most others. I have 6 cameras all with unique ports and passwords and woke to find that 3 of them had reset to factory. They are the older of the lot so I'm assuming it is attributed to this backdoor issue. I DO NOT use port forwarding BUT I found that UPnP was turned on in my router. I've now turned it off and checked my PC on ShieldsUp! as recommended above. I've found that 4 of my ports are open but no idea if a) this is normal and b) how to stealth them if it's not. Anyone able to shed light?

Also, hopefully I don't cloud the issue but I've only been able to "restore" 1 out of the 3 factory reset cameras. I can set the IP addresses of the other 2 using the SADP tool but when I go to log in on the web interface I get "Network Abnormal" on one camera (a DS-2CD3132F-IW) and "The account is locked, please try again 20 minutes later" on the other (a DS-2CD2132-I) ... And yes I've waited 20 minutes

I've searched the forum as best I can and not found anything to solve it. Can anyone point me towards something that may help? Happy to start up a new thread if that's better.

 

[alastairstevenson]

I found that UPnP was turned on in my router. I've now turned it off and checked my PC on ShieldsUp! as recommended above. I've found that 4 of my ports are open but no idea if a) this is normal and b) how to stealth them if it's not.

There are default NAT/UPnP settings in the camera that will configure open ports in the router, given that the router allows this. It presumably won't now, but I suspect that to clear those that are persisting you need to reboot the router.

I go to log in on the web interface I get "Network Abnormal" on one camera

Check also the default gateway and subnet mask matches the range of the IP address you've set.

"The account is locked, please try again 20 minutes later" on the other (a DS-2CD2132-I) ... And yes I've waited 20 minutes

Do you have the camera connected to an NVR? That will have the original password configured?
It is possible that the password has been changed to something you don't know - the backdoor exploit can be used to do anything, and does not require any of the original passwords to do this.

Once you have them all back to normal, you could consider doing the 'enhanced mtd hack' (assuming these are China market cameras) so that the firmware can be updated to a backdoor-fixed version.

 

[sameri]

There are default NAT/UPnP settings in the camera that will configure open ports in the router, given that the router allows this. It presumably won't now, but I suspect that to clear those that are persisting you need to reboot the router.

Understood. I shall reboot the router.

Check also the default gateway and subnet mask matches the range of the IP address you've set.

Do you have the camera connected to an NVR? That will have the original password configured?
It is possible that the password has been changed to something you don't know - the backdoor exploit can be used to do anything, and does not require any of the original passwords to do this.

So I don't hijack this thread, I've asked my question in a separate thread with more detail... Hopefully that's the best thing to do. "Network Abnormal" & "The account is locked, please try again 20 minutes" Error after Factory Reset

Once you have them all back to normal, you could consider doing the 'enhanced mtd hack' (assuming these are China market cameras) so that the firmware can be updated to a backdoor-fixed version.

Is that the procedure outlined in this thread: Hikvision DS-2CD2x32-I (R0) brick-fix tool / full upgrade method / fixup roundup.

 

[alastairstevenson]

Is that the procedure outlined in this thread:

Yes, that's correct.

For the network settings, assuming the PC is in the same IP address range as the camera currently is - it may be useful to try the Batch Configuration Tool if you haven't already done so. Hangzhou Hikvision Digital Technology Co. Ltd.

 

[Sparkey]

Just reporting back. Mine hasn't done it since my last post. Hopefully it won't ever do it again.

 

[sameri]

alastairstevenson you are a legend buddy. All cameras on my network now running Firmware 5.4.5 and I'm feeling a lot more secure.

Obviously was also able to sort out the network issue simply by turning off the NVR as was originally suggested...

 

[alastairstevenson]

Brilliant! Another good result.