Telnet Hikvision NVR a simple guide

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
Hikvision removed the telnet tickbox enable from the web GUI several firmware revisions ago, and also removed telnetd from the installed version of Busybox in the 3.4.90 firmware.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
The firmware would have to be modified to restore that functionality within it, for example by replacing the limited version of Busybox with a version that included telnetd.
But I see from looking at the start.sh in the K51 firmware that the dropbear SSH server is included, with RSA key authentication.
This (actually a much earlier dropbear version, without the RSA keys) is what Hikvision have used for quite a while to provide SSH access for the cameras.
I don't have a 76xxNI-In NVR to try this on, so I'm note sure what Hikvision may have done with it to limit it's use for an end-user.
 

Hotelone

Getting the hang of it
Joined
Nov 13, 2015
Messages
218
Reaction score
17
Location
Central Sierra Mountains, CA USA
What do you think their logic is with this? With all the other potential vulnerabilities out there you'd think that shipping out telnet as an option but not enabled would not be much of a concern.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
I'm speculating a bit -
Hikvision have put quite a bit of work into locking down NVR and especially camera firmware so that some options that might be beneficial to people who have obtained products at low cost via what we are calling 'grey market on-line resellers' are not available.
One of the more obvious ones is the 'region locking' strategy where a camera bought in China will be rejected by an NVR not bought in China.
We've seen how easy it used to be to do the 'MTD hack' via a telnet shell on old-model cameras and firmware.

Telnet access into the running environment provides a powerful way to explore and understand the operations and methods and protection used within the device, so makes it a lot easier for someone to reverse-engineer the device and potentially circumvent some of Hikvision's imposed restrictions.

So remove it - make it more difficult for the explorer, and a 'normal' end-user has no need of it, do they?

As I said - just speculating a bit.
Others may have different thoughts.
 

dt-cam

Getting the hang of it
Joined
Dec 9, 2016
Messages
104
Reaction score
15
Telnet is bad, hopefully the vendors start implementing SSH.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
The cameras have SSH, and the 76xxNI-Ix K51 NVRs have SSH. With RSA key authentication.
Telnet is out on the current firmware.
 

Carcus

Getting the hang of it
Joined
Oct 24, 2015
Messages
144
Reaction score
17
Is anyone aware of how to gain console access to the 7608NI-E2 with 3.4.90 firmware? thanks
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
This requires modified firmware. Hikvision removed telnet from the version of Busybox that's installed in the firmware.
 

jojojosefh

n3wb
Joined
Oct 8, 2016
Messages
1
Reaction score
0
hi i would like to ask question can i change password or remove password using telnet?
or if i dont know the admin password, can i still access the dvr?
 

dt-cam

Getting the hang of it
Joined
Dec 9, 2016
Messages
104
Reaction score
15
hi i would like to ask question can i change password or remove password using telnet?
or if i dont know the admin password, can i still access the dvr?
Change it via the browser using the IP address of the camera.
 
Top