HikVision firmware vulnerability effecting Alibi IP Cams

[skanndelus]

I am not an expert, but I purchased a couple of Alibi IP Cams second-hand and eventually realized they were re-branded HikVision cameras that were being remotely hacked due to the vulnerability in HikVision cameras with older firmwares. Unfortunately, Alibi does not offer a newer firmware than version V5.2.0 Build 150525 for my cameras (ALI-IPV3030R).

I was hoping to upgrade the firmware to a newer HikVision branded version, but I'm not sure what the equivalent HikVision camera model numbers would be or if it would be okay to flash them.

Anyone have any helpful information?

Thanks!

 

[SecurityCams]

I think Allistair will help you here . So wait for him t jump in. You did not say what type camera but that firmware number is similar to The firmware number in some of my HIKVISION bullets and newer firmware (which I have) is available from Hik but.....

If you are going to keep this behind a firewall, Personally I would not bother upgrading if the camera works well. At least one of The Hikvision vulnerability is a backdoor Hik put in. So if you don't expose it to the internet no one can get to it anyway. Other wiser users here may disagree with me. If you want to monitor it remotely that is a different matter but then you should change the port from 8000 to some weird number not used by any known devices regardless what firmware you have.

If you want later firmware and want to try Ask Allistair first. I don't have enough experience to help you confidently.

This software may tell you more of what you need to know, You don't need to install it either, it gives you the option to install but I just run it.

Advanced IP Scanner - Download Free Network Scanner

Advanced IP Scanner shows all network devices, gives you access to shared folders, and can even remotely switch computers off. Download it Free.

www.advanced-ip-scanner.com

 

[skanndelus]

It's nice to have remote viewing.
I mentioned they are ALI-IPV3030R.
They are hacked often so I use the same tool to change the password again. As of now they are on ports 8000 and 8001 but the password reset tool doesn't seem to need these ports just the https ones which I have changed to 81 and 82.

 

[SecurityCams]

... I mentioned they are ALI-IPV3030R.

That doesn't tell me anything, Are they bullet cameras? If so, They may be HIKVISION DS-2CD2032-I if so you can get latest firmware from hikvision. Several companies rebranded that camera.

Post several photos of one here. Still I think Allistair can help you here better than anyone for this issue.

 

[skanndelus]

They are domes

 

[fenderman]

It's nice to have remote viewing.
I mentioned they are ALI-IPV3030R.
They are hacked often so I use the same tool to change the password again. As of now they are on ports 8000 and 8001 but the password reset tool doesn't seem to need these ports just the https ones which I have changed to 81 and 82.

Having these cameras port forwarded opens your network up for attack. Shut down port forwarding and uPNP. For remote viewing use VPN. See the wiki on securing your network.

 

[alastairstevenson]

Anyone have any helpful information?

I think @fenderman hit the spot above.
Your LAN, the devices and data on it are at risk. The camera is just a handy and easy conduit into your private environment.

For remote access - look at setting up a VPN server, probably available on your router.
It's much more secure and not that hard - loads of members have done it.
And there are some very good threads and how-tos on here.