Hold my hand through updating...

bedpan · Nov 1, 2017

Hey folks.. Trolled a little but not finding a good hand holding article on updating my cameras.

I bought 3 x DS-2CD2332-I about 3 years ago. I would normally update firmware on most of my devices on a regular basis but my reading said I would likely cause myself more problems then I would fix if I updated them. Anyways with all the security exploits I thought I best get off my lazy arse and do something. My cameras are behind PfSense and not accessible from the internet at all. Blueiris is used for my viewing and recording needs.

My Current firmware shows as V5.2.5 build 141201. The cameras were bought from a reseller recommended here from AliExpress if memory serves correct.

So thoughts on updating? Should I? If so any good guides or howtos you can recommend?

Thanks in advance!

Mike

fenderman · Nov 1, 2017

bedpan said:
Hey folks.. Trolled a little but not finding a good hand holding article on updating my cameras.

I bought 3 x DS-2CD2332-I about 3 years ago. I would normally update firmware on most of my devices on a regular basis but my reading said I would likely cause myself more problems then I would fix if I updated them. Anyways with all the security exploits I thought I best get off my lazy arse and do something. My cameras are behind PfSense and not accessible from the internet at all. Blueiris is used for my viewing and recording needs.

My Current firmware shows as V5.2.5 build 141201. The cameras were bought from a reseller recommended here from AliExpress if memory serves correct.

So thoughts on updating? Should I? If so any good guides or howtos you can recommend?

Thanks in advance!

Mike

There is absolutely no need to update if your cameras dont have internet access...if it aint broke dont fix it

bedpan · Nov 1, 2017

No other gains in the firmware beyond the security issues? It concerns me having insure devices sitting on the network even if not exposed. That said I am willing to go back to sitting on me arse if thats the best option

fenderman said:
There is absolutely no need to update if your cameras dont have internet access...if it aint broke dont fix it

fenderman · Nov 1, 2017

bedpan said:
No other gains in the firmware beyond the security issues? It concerns me having insure devices sitting on the network even if not exposed. That said I am willing to go back to sitting on me arse if thats the best option

The security vulnerability is only accessible from the outside...the worry you have is a well known affliction here...its OCD..

alastairstevenson · Nov 1, 2017

bedpan said:
I bought 3 x DS-2CD2332-I about 3 years ago.

China market cameras possibly?

bedpan said:
My cameras are behind PfSense and not accessible from the internet at all.

Does that also block any LAN device attempts to use UPnP services on the router?

bedpan said:
If so any good guides or howtos you can recommend?

Here is a how-to for China market cameras : Hikvision DS-2CD2x32-I (R0) brick-fix tool / full upgrade method / fixup roundup.
Though it's fair to say it's more useful for those less thoughtful or knowledgeable about their LAN security.

fenderman said:
There is absolutely no need to update if your cameras dont have internet access...if it aint broke dont fix it

I know that you are quite correct - but he did ask, and he seems to be a grown-up.

bedpan · Nov 2, 2017

Thanks folks.. Been reading the Brick-fix upgrade thread.. Man oh man.. they don't make it easy.... The cameras are from AliExpress and shipped from China back in March 2015...

Looks like the upgrade path is more trouble then its worth at this point. I could not see in any reasonable world directly connecting these to the internets..

To be sure I just checked on my PfSense and confirmed UPnP is disabled. Life is good. I guess the big risk is they get connected to a dumb router with UPnP and they port forward allowing someone to connect and take control...

I was pretty disappointed about 6 months ago. I was locked out of one of the cameras as a friend had borrowed it and changed the password. By the time I got around setting it up again he could not remember. Going through support I was quickly told its not an official camera and they would not unlock it for me. Fortunately the friend rememebered the password and I got things running again.

alastairstevenson · Nov 2, 2017

bedpan said:
I guess the big risk is they get connected to a dumb router with UPnP and they port forward allowing someone to connect and take control...

Yes, there have been instances of exactly that.

bedpan said:
Going through support I was quickly told its not an official camera and they would not unlock it for me. Fortunately the friend rememebered the password and I got things running again.

Yeah - terrific way to treat the customers that pay your wages.
Usefully, there is a reset tool created by a staff member @bp2008 that makes use of the backdoor vulnerability that's in most firmware versions.
Hikvision camera admin password reset tool

Search

Hold my hand through updating...

bedpan

n3wb

fenderman

bedpan

n3wb

fenderman

alastairstevenson

bedpan

n3wb

alastairstevenson