Defense Against NVR/DVR Scripted Application

Defense Against NVR/DVR Scripted Application

March 2nd, 2017

Dear Valued Partner,

Hikvision has determined that there is a scripted application specifically targeting Hikvision NVRs and DVRs that meet the following conditions: they have not been updated to the latest firmware; they are retained as the default port, default user name, and default password.

Hikvision has introduced secure Activation Mechanism into all of product lines since March of 2015, it is required to create password when first login. However, it was possible, before that date, to install NVRs and DVRs with default settings. Therefore, we provided updated firmware which includes this mandatory setting for customers to upgrade existing devices.

Hikvision strongly recommends that our customer base review the security levels of equipment installed prior to March 2015 to ensure the use of complex passwords and upgraded firmware to best protect their customers.

Below are firmware and password guidelines and specific steps to take to secure a system:

Password and Firmware Overview

•    Leaving factory-default, poorly chosen, or weak passwords in your camera or video recorder may result in unauthorized access or exploitation of your company resources.

•    Change every password in every device occasionally. Old passwords can carry additional risk.

•    Ensure all systems have the latest firmware.

•    All users, including contractors and vendors with access to your company systems, should take appropriate steps to select and secure their passwords and update your firmware on your system.

Password and Firmware Steps 

1.    Make sure to have your device behind a firewall.
o    Make sure that your firewall is updated with the latest firmware and that the default password is changed on your router.
o    If you want to have your device work with a Hikvision or third-party online services, make sure to set up port-forwarding on your firewall.

2.    Check if your system has the latest firmware. Here is a link to  check if your product needs to be upgraded to the latest firmware.

3.    After updating firmware, please restore factory default, and ensure that you have restarted your device.

4.    Once the device is restarted, it will ask you to give a more secure password.
o    Go through the process to secure your devices.

5.    Now that you have updated your device please make sure to change your password regularly.

Additional Information and Resources

•Technical Bulletin: How to Activate Device for DVR, NVR and IP camera

•Video:  How to upgrade NVR locally

•Video:  How to upgrade IPC or NVR in web interface

Please visit the Security Center on our website for additional information and updates. Should you require additional support, please do not hesitate to contact our local technical support team or at uses strictly necessary cookies and related technologies to enable the website to function. With your consent, we would also like to use cookies to observe and analyse traffic levels and other metrics and tailor our website’s content. For more information on cookie practices please refer to our cookie policy.

Hik-Partner Pro close
Hik-Partner Pro
Security Business Assistant. At Your Fingertips. Learn more
Hik-Partner Pro
Scan and download the app
Hik-Partner Pro
Hik-Partner Pro
back to top

Get a better browsing experience

You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.