IPC-HDW5231R-ZE Rhea V2.800.0000016.0.R.200430 Latest new firmware

toastie said:
It may have been in this thread that I noticed the firmware files Andy had a link to and a member, were not of the same size.
Click to expand...
Precisely my point.

Not that I don't trust @IAmATeaf or suspect he'd purposely post wonky firmware, but stuff happens. E.g.: I've had Firefox partially download stuff with no warning the download didn't complete properly many times over the years, over several versions, on multiple platforms. All it would take is something incomplete or with some corruption, coupled with poorly-coded update firmware, and you'll have a brick.

wittaj said:
I, as well as others, have said this before and it is worth repeating:

A common theme around here is don't fix what ain't broke.
Click to expand...
Indeed. Though I do somewhat disagree with this point:

wittaj said:
If your cameras are isolated from the internet, you do not need to run any firmware updates to the camera that come out as a result of a security patch.
Click to expand...
That is arguable. I expect you'll find very few network security types--those who eat, sleep, and breath network security, to agree with that position.

NO network security type worth his/her/other salt would ever suggest any network they manage is bullet-proof. We (and I use "we" because that's one of the things I used to do for a living) always assume there are vulnerabilities of which we're not aware. Places we've slipped up. And that somebody out there will find and exploit those weaknesses. Thus people like us are not inclined to let known vulnerabilities exist if we can avoid it.

That being said: I've been slowly upgrading my v05 firmware to v16 - letting it "cook" a month or so, at least, in each camera before moving on to the next--primarily because my cameras with v05 have been fairly regularly spontaneously rebooting themselves ever since I configured-in tripwires and intrusion zones. v16 seems to mostly end that behavior.
 
@Dramus - I am certainly not claiming to be a network security expert, but please elaborate on how a camera that is isolated from the internet (like in a dual NIC system or VLAN) is a real risk? Are you implying it is the same risk as port forwarding, P2P, UPnP?

The main risk of camera breaches is to use one's internet as a DoS attack or get into your network to steal banking info, etc., so if they have got past the router and computer with active current antivirus protection (assuming the owner hasn't also blasted a hole through with port forwarding or some other insecure method), they are into your network at that point and whether the camera is secure or not is a moot point. Port forwarding blasts a whole through the router and then relies on the security of the device the port forward is going to and these cameras have shown to have poor security measures in place. Ironic isn't it.

The whole premise of blocking cameras from the internet is to prevent an easy way for the cameras to phone home and to prevent someone from exploiting the security vulnerabilities of the camera to use your internet for ill intent.

It is allowing the cameras access to the internet that allows this to happen:

www.bloomberg.com

Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals

A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools.
www.bloomberg.com www.bloomberg.com

And how does that happen? Because our government forbid government agencies from using Chinese brand cameras like Dahua and Hikvision because the government believed they could be used to be spied on by the Chinese government (and that part may be true), when in fact they should have been looking at what the real issue is, and it is that allowing cameras easy access to the outside world as that provides the same risks and will be same regardless of who makes a camera. Cameras need to remain off the internet, only allowing access through devices that have more recent security and antivirus protections in place than the firmware of the camera.

Can VPN be hacked....probably...as easy as the security in a surveillance camera...I doubt it.

An ideal system would truly be CCTV with ZERO way to access it from the outside - no common computer than is connected to the internet - truly a closed system. And sure anything connected to the internet can be breached, but short of true complete isolation, isolating the cams from the internet via VLAN or Dual NIC systems and additional measures (like also blocking their IP or MAC in the router as an example) and VPN into the system when away is A LOT more secure than simply plugging your cameras into a router and giving it unrestricted access to the internet and port forwarding to see the cameras when away from home.

So please elaborate and tell us how to be more secure as that is what we all strive for on here and to learn from others. If you have a better and more secure way than many here are doing, we would love to hear about it....
 
Last edited:
  • Like
Reactions: spammenotinoz
wittaj said:
@Dramus - I am certainly not claiming to be a network security expert, but please elaborate on how a camera that is isolated from the internet (like in a dual NIC system or VLAN) is a real risk? Are you implying it is the same risk as port forwarding, P2P, UPnP?
Click to expand...
I'm not implying it's the same risk as anything. What I am asserting is that it is undeniably true that neither you, I, nor anybody can possibly know of all the threats that exist on our networks, thus it is arguably wise to eliminate all threats of which we are aware.

One day I was sitting out back in the lab area working on some-or-another bit of software. At the time I was still dividing my time between software engineering and system administration. One of my software engineering colleagues wanted me to allow some-or-another access to the network--I no longer recall what--and didn't see the harm in it. I pointed out to him that, yes, what he wanted seemed innocuous on the face of it, thought about it, and explained to him how that "innocuous" thing, coupled with a couple other innocuous-looking things, each of which he agreed were equally innocuous, could result in the three being "chained together," so to say, to create a breach. He was literally speechless for a moment. "I never thought of it that way," he replied.

He never questioned my edicts after that ;)

wittaj said:
So please elaborate and tell us how to be more secure as that is what we all strive for on here and to learn from others. If you have a better and more secure way than many here are doing, we would love to hear about it....
Click to expand...
Heh. I guaran-fracking-tee you the vast majority of users here would not be inclined to follow my security stance
lol.gif


Let me give you a very small taste that can't, or shouldn't... uh... cause trouble here, because the protocol is Officially Dead (and Thank God!): Adobe Flash. No device has ever existed on my home network with Flash on it. At least not any longer than it took to delete it. When I was still the BOFH at work (Bastard Operator From Hell - for those who don't know the Internet lore: Look it up) I successfully campaigned to have it utterly banned from the corporation's PCs and to have our corporate web site re-designed to eliminate it.

Let me make something clear: I'm not asserting my network security is any better than yours or anybody else's here. All I'm saying is we have different views as to what constitutes wise network security policy and that, in this particular aspect, that being the wisdom of updating devices known to have vulnerabilities, I believe few, if any, network security professionals would disagree with my stance.

Would I have updated my perfectly-functioning Dahua cameras for security vulnerabilities which probably wouldn't have been a threat to my network? Dunno. I was still debating with myself about it when the question became moot.

IAmATeaf said:
@Dramus a few users have reported restart issues with v16.
Click to expand...
Yes, I know.
 
  • Like
Reactions: looney2ns
Good morning, I have been updating the firmware of my HDW5231RZ starlights this morning, but when it csame to do my bullet camera and mini-dome and (dual mini dome) they would not display the model number in the config tool, or the IP camera login page under general. Ii just says "IP Camera" where it is supposed to say model number.

The other cameras updated to the newer firmware and started to display their model number.

I was trying to search by firmware as well to see what it might be assigned to with no luck.

Here are the 8 camera firmware versions I have;

ip camera.PNG
Short of dis-mounting my last 4 cameras to establish if they are even compatible with the firmware update, does anyone have any suggestions?

Any pointers would be great, first time upgrading firmware as Andy indicated it was an important security update so I want to so it right, so far so good.
 
Bitslizer said:
Where can I find 13 and 15? I check the earlier thread and it seem the file drop box is deleted
Click to expand...

I need these too. 16 reboots my cameras and reverts the sub steam back to default settings at least once a day. That and I it keeps trying to dial back to China.

Has anyone successfully put the Amcrest firmware on the IPC-HDW5231R-ZE?
 
Juristo said:
I need these too. 16 reboots my cameras and reverts the sub steam back to default settings at least once a day. That and I it keeps trying to dial back to China.

Has anyone successfully put the Amcrest firmware on the IPC-HDW5231R-ZE?
Click to expand...

How many cams do you have that are randomly restarting? None of mine restart, I did reset them to default a number of times after applying the firmware.

The substream resetting I have with all of my cams, so substream 1 resets to default and substream 2 becomes disabled.
 
Glad I stayed with this version for the 2 I have. works fine here..

V2.800.0000013.0.R, Build Date: 2019-12-02
 
I have never had either the main stream nor sub-stream 1 reset, on any of our Dahua cams, any firmware revision, with our Synology Surveillance Station NVR.
 
IAmATeaf said:
How many cams do you have that are randomly restarting? None of mine restart, I did reset them to default a number of times after applying the firmware.
Click to expand...

Two out of five reset regularly. I downgraded to v15 today though which seemed to solve the substream persistence issue. Now I don't really care if they reset since I won't have to reconfigure them each time.
 
Dramus said:
I have never had either the main stream nor sub-stream 1 reset, on any of our Dahua cams, any firmware revision, with our Synology Surveillance Station NVR.
Click to expand...

For me with v16 if you change any of the properties on substream1 or enable substream 2, after a restart, substream 1 has reset back to default values and substream 2 is disabled.

All 6 of my 5231-ze cams do this as I’ve tested this on all. I used to use the 720p substream on substream 2 but now have set BI to just use substream 1 in case the cam ever reboots by itself.
 
IAmATeaf said:
For me with v16 if you change any of the properties on substream1 or enable substream 2, after a restart, substream 1 has reset back to default values and substream 2 is disabled.
Click to expand...
Well day-um :(

I just tested the two 5231s I upgraded to v16, and damned if you aren't right: Configure substream 1, reboot the camera, and bam: Right back to default values. Not very handy.

@EMPIRETECANDY: Any chance you can persuade Dahua to fix this bug and do a new release?
 
I can report the same issue on 16 - substream 1 reset and substream 2 reset / disabled. A huge problem for AI / face / object detection that should not use main stream
 
You must log in or register to reply here.
Top Bottom