alastairstevenson
Staff member
Hikvision removed the telnet tickbox enable from the web GUI several firmware revisions ago, and also removed telnetd from the installed version of Busybox in the 3.4.90 firmware.
Telnet Hikvision NVR a simple guide
- Thread starter DaveP
- Start date
alastairstevenson
Staff member
The firmware would have to be modified to restore that functionality within it, for example by replacing the limited version of Busybox with a version that included telnetd.
But I see from looking at the start.sh in the K51 firmware that the dropbear SSH server is included, with RSA key authentication.
This (actually a much earlier dropbear version, without the RSA keys) is what Hikvision have used for quite a while to provide SSH access for the cameras.
I don't have a 76xxNI-In NVR to try this on, so I'm note sure what Hikvision may have done with it to limit it's use for an end-user.
But I see from looking at the start.sh in the K51 firmware that the dropbear SSH server is included, with RSA key authentication.
This (actually a much earlier dropbear version, without the RSA keys) is what Hikvision have used for quite a while to provide SSH access for the cameras.
I don't have a 76xxNI-In NVR to try this on, so I'm note sure what Hikvision may have done with it to limit it's use for an end-user.
What do you think their logic is with this? With all the other potential vulnerabilities out there you'd think that shipping out telnet as an option but not enabled would not be much of a concern.
alastairstevenson
Staff member
I'm speculating a bit -
Hikvision have put quite a bit of work into locking down NVR and especially camera firmware so that some options that might be beneficial to people who have obtained products at low cost via what we are calling 'grey market on-line resellers' are not available.
One of the more obvious ones is the 'region locking' strategy where a camera bought in China will be rejected by an NVR not bought in China.
We've seen how easy it used to be to do the 'MTD hack' via a telnet shell on old-model cameras and firmware.
Telnet access into the running environment provides a powerful way to explore and understand the operations and methods and protection used within the device, so makes it a lot easier for someone to reverse-engineer the device and potentially circumvent some of Hikvision's imposed restrictions.
So remove it - make it more difficult for the explorer, and a 'normal' end-user has no need of it, do they?
As I said - just speculating a bit.
Others may have different thoughts.
Hikvision have put quite a bit of work into locking down NVR and especially camera firmware so that some options that might be beneficial to people who have obtained products at low cost via what we are calling 'grey market on-line resellers' are not available.
One of the more obvious ones is the 'region locking' strategy where a camera bought in China will be rejected by an NVR not bought in China.
We've seen how easy it used to be to do the 'MTD hack' via a telnet shell on old-model cameras and firmware.
Telnet access into the running environment provides a powerful way to explore and understand the operations and methods and protection used within the device, so makes it a lot easier for someone to reverse-engineer the device and potentially circumvent some of Hikvision's imposed restrictions.
So remove it - make it more difficult for the explorer, and a 'normal' end-user has no need of it, do they?
As I said - just speculating a bit.
Others may have different thoughts.
alastairstevenson
Staff member
alastairstevenson
Staff member
This requires modified firmware. Hikvision removed telnet from the version of Busybox that's installed in the firmware.
jojojosefh
n3wb
- Oct 8, 2016
- 1
- 0
hi i would like to ask question can i change password or remove password using telnet?
or if i dont know the admin password, can i still access the dvr?
or if i dont know the admin password, can i still access the dvr?