Hikvision iVMS-4200 suffers from a vulnerability that allows anyone local, without authentication, to generate a code that Hikvision will respond by emailing the admin password in plain text.This is different than the. Because it is for the iVMS-4200, exploiting this vulnerability would provide access to all devices connected to the iVMS-4200 including Hikvision cameras and recorders, as well as any 3rd party cameras connected through those recorders.In this report we detail the vulnerability, explaining how it can be exploited and the security problems therein.-. a. anyone.,., to generate. will. admin. text.
the. Marty is implying that enterprise level customers should be using Hik-Central.Whether they should use Hik-Central or not, it just reached general availability less than 2 months ago:So the reality is, regardless of what their customers should be using, overwhelming customers, enterprise or not, are using iVMS-4200 since Hik-Central is brand new.Of course, raising Hik-Central is simply a smokescreen to the fact that Hikvision's poor cybersecurity policy allowed emailing admin passwords in plain test.
The code must be entered into the via Hikvision SADPtool in the Serial code box (called Security Codein later SADP versions). The camera will compare its internal date andtime with the date and time you have entered above. The Serial Numberand date much match perfectly or else the code will not work.
The password will be reset to 12345; For (Option2)Encrypted File Export the XML file and send it to Hikvision Support team Hikvision team will send you the encrypted password reset file Choose the path of the file, enter new password and click Confirm. For (Option3)Encrypted File or Key Follow Option 1 or 2. Hikvision NVR/DVR Password Reset by local menu.
Comments are closed.
|
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |