Defense Against NVR/DVR Scripted Application

Defense Against NVR/DVR Scripted Application

March 2nd, 2017

Dear Valued Partner,

Hikvision has determined that there is a scripted application specifically targeting Hikvision NVRs and DVRs that meet the following conditions: they have not been updated to the latest firmware; they are retained as the default port, default user name, and default password.

Hikvision has introduced secure Activation Mechanism into all of product lines since March of 2015, it is required to create password when first login. However, it was possible, before that date, to install NVRs and DVRs with default settings. Therefore, we provided updated firmware which includes this mandatory setting for customers to upgrade existing devices.

Hikvision strongly recommends that our customer base review the security levels of equipment installed prior to March 2015 to ensure the use of complex passwords and upgraded firmware to best protect their customers.

Below are firmware and password guidelines and specific steps to take to secure a system:

Password and Firmware Overview

•    Leaving factory-default, poorly chosen, or weak passwords in your camera or video recorder may result in unauthorized access or exploitation of your company resources.

•    Change every password in every device occasionally. Old passwords can carry additional risk.