How to find right UK Hikvision firmware?

M

MrRobinHood

Getting comfortable
Nov 29, 2021
187
353
England
I have a new DS-2CD2386G2-ISU/SL

It's running V5.5.131 build 200220

I've tried downloading the latest firmware from the product page here, which looks to be Firmware_V5.7.3_211222

DS-2CD2386G2-ISU/SL

Hikvision DS-2CD2386G2-ISU/SL 4K AcuSense Strobe Light and Audible Warning Fixed Turret Network Camera
www.hikvision.com www.hikvision.com

and here


However the firmware I get gives me this error:

The type of upgrade file mismatches.

Am I looking in the wrong spot? Is it somewhere on the UK portal?

HIKVISION UK PORTAL

www.hikvisioneurope.com www.hikvisioneurope.com

If it matters, the box doesn't have the (C) at the end of the product code.
 
You really need to be asking yourself why are you updating?

A common theme around here is don't fix what ain't broke. If the unit is working and meets your needs, in many instances an update breaks what you had working and provides you with something you didn't need. In most instances, updates are security vulnerability patches (usually years after the breach was found), but since we do not give our cameras internet access, the update is useless to us.

Here are issues I have seen people report here where they were upgrading just for the sake of upgrading:
  • A Dahua Z12E that someone updated and then constantly reboots comes to mind,
  • The Dahua 49225 PTZ that loses autotracking with an update come to mind,
  • A Hikvision ANPR camera losing half the FPS and loses the ability to read US plates - those are big deals to have happen.
  • Countless other instances where the camera simply bricked and became useless.
  • Countless examples where the camera went into Chinese.
Don't do it unless it is fixing a problem you are experiencing or adds a feature you really need.

Further, it is best to obtain any firmware updates from the vendor you purchased it from so that you do not run into issues. Any firmware you find here or elsewhere is obviously proceed at your own risk. We have many threads here where someone tried an update with a firmware they found on the internet and bricked their unit.

Many units being sold are Chinese hacked units that will either brick or go into Chinese upon updating. Some vendors will be upfront and tell consumers that as part of their website, but many do not or the consumer forgets...here is one such example....

1641503545491.png
 
Hmm, okay.

I saw that the manufacture date was 03/2021 and so it's nearly a year old (even though it's new to me from a UK authorised supplier)

I figured it would be best to be on the latest firmware for the latest feature, guess not? :-/

I have found a few threads while searching where it seems features seem to frequently get removed? How bizarre...
 
wittaj said:
You really need to be asking yourself why are you updating?
Click to expand...
There is a good chance that firmware version suffers from the serious RCE vulnerability as described here :

Unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware (CVE-2021-36260)

Unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware (CVE-2021-36260) https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html RFC Response...
ipcamtalk.com ipcamtalk.com

If the seller really is an Authorised Hikvision distributor and on the ball, they should be able to confirm.
Alternatively, the @bashis POC tool can be used :
github.com

PoC/CVE-2021-36260.py at master · mcw0/PoC

Issues has been disabled for these PoC's, as they are simply PoC, Public Domain and unsupported. - mcw0/PoC
github.com github.com
 
  • Like
Reactions: MrRobinHood
Thanks for the info.

I’ve messaged the supplier to see what they say.

Just been playing with the HikConnect app and it seems to think it’s okay? :confused:

11E73BE8-3082-464E-9320-39C728E4A025.jpeg
 
alastairstevenson said:
There is a good chance that firmware version suffers from the serious RCE vulnerability as described here :

Unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware (CVE-2021-36260)

Unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware (CVE-2021-36260) https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html RFC Response...
ipcamtalk.com ipcamtalk.com

If the seller really is an Authorised Hikvision distributor and on the ball, they should be able to confirm.
Alternatively, the @bashis POC tool can be used :
github.com

PoC/CVE-2021-36260.py at master · mcw0/PoC

Issues has been disabled for these PoC's, as they are simply PoC, Public Domain and unsupported. - mcw0/PoC
github.com github.com
Click to expand...

Which is why I said "In most instances, updates are security vulnerability patches (usually years after the breach was found), but since we do not give our cameras internet access, the update is useless to us."

So as long as the camera isn't exposed to the internet, the risk of updating and breaking a working function for something that is of no value to the user isn't worth it...
 
MrRobinHood said:
Hmm, okay.

I saw that the manufacture date was 03/2021 and so it's nearly a year old (even though it's new to me from a UK authorised supplier)

I figured it would be best to be on the latest firmware for the latest feature, guess not? :-/

I have found a few threads while searching where it seems features seem to frequently get removed? How bizarre...
Click to expand...

Many of us here run cameras with older firmware. Many of my cameras have 2018 or 2019 firmware. If it works for me and is doing what I want, no risk breaking it.

The one time I tried an update that was supposed to fix something, it didn't fix it and broke a lot of other things. Took over 15 factory resets of the camera before I could get back into as well!
 
Last edited:
  • Like
Reactions: MrRobinHood
Okay, well I think I found the right European page

HIKVISION UK PORTAL

www.hikvisioneurope.com www.hikvisioneurope.com

The first one is the oldest from April last year, which is what I have.

Says that one is is only for my model.

I presume the next 5 are still suitable as they're in that folder.

1641511245592.png


After googling and finding this thread it seems people are upgrading to patch the vulnerability

Firmware - Latest HikVision Firmware for G3 Series cameras (2xx6G2/2xx7G2/3xx6G2/3xx7G2) - V5.5.160

Hikvision has released new firmware for their G3 Series IP cameras. The latest firmware, Version 5.5.160, can be downloaded here. NB - you may need to refresh your browser when viewing the Hikvision portal to see the newly added version at the bottom of the list. The Release Notes are...
www.use-ip.co.uk www.use-ip.co.uk

My main concern is losing the light alert functionality. I've only done basic testing so far, but currently have it set to trigger a flashing white light when a human is detected as a deterrent, which I really like, but this post seems to clear things up about the models with different LEDs, and I think I'll be safe if I upgrade to 5.5.800 as I have the ISU/SL model


@venturis - All models have the integrated white light but the ISU/SL and LSU/SL has integrated white light and separate strobe light.

As I mentioned in the other post, the action to trigger the supplemental light was just that - no white LED illumination as standard during darkness, setting the action brings it on for a pre determined time after event activation. I did set it up on my DS-2CD2347G2-IU (G3 platform) a few weeks ago to try it. The ISU/SL and LSU/SL which I also have has separate options to trigger the strobe light on event activation but it's not possible to bring on the supplemental white LED in the manner described above, the way you can for the -I and -IU models with version 5.5.114.

In summary:

ISU/SL and LSU/SL have the ability to activate the strobe light (and/or speaker) on alarm event and this will occur irrespective of whether the separate supplemental LED is being used to aid illumination.

-I and -IU have no ability to activate a strobe light as they don't have one. However depending on platform and firmware version it is possible to leave the white LED illumination disabled, but have it illuminate for a time (not flashing) following an event.

Not confusing at all - lol. I think that people are getting the two functions mixed up.
Click to expand...
 
Just to update, I did end up downloading and installing 5.5.800 from the link above. All went smoothly,.

I figured patching the RCE was more important than any firmware tweaks that may have also been included, especially until I get to the point where I'm able to setup VLANs, VPNs etc. Combined with a strong password I feel a bit safer just using it out of the box on a POE switch for a short time with the patched firmware.
 
You must log in or register to reply here.
Top Bottom