ncohen

Another - Dahua DVR/NVR Hacked - how to protect older system

Hi,

So I've been installing Dahua systems over the last 6/7 years and have all sorts of devices out there, from DVRs running a few analogue cameras to large IP camera systems.

I always make sure to change all default passwords and keep on the latest firmware where possible. I heard of the Dahua hacks a few months ago but didn't think much of it since I always change the passwords.

Fast forward to this week when I received three calls about systems going offline on Tuesday morning. I usually leave the auto Tuesday 2am reset on.

What I figured happened was the hackers got in Sunday/Monday and did their thing, the unit reboots and activates their new settings, leaving the customer with a hacked system.

Here's where it gets weird. From the logs I can see their IP and that they have logged in using the '888888' login. Yes, I know that is supposed to be a local login only, but whatever, it isn't. The thing is my custom password is still working, and if I try to log in with '888888' as the password it fails.

So, how did they get in? Is there a backdoor utilizing the default password? Is it via telnet, and should/can I change the password there?

Are they able to get onto the local network this way?

Also, what is the best way to protect the units? With the newer NVRs I have the latest firmware from Dahua's website, but is that enough? And what about the old DVRs I have out there with no firmware update available to them?

Any info would be a great help for me and I'm sure the many others who have had these hacks happen!

Images below

Link to post

Model of your device, firmware version?

Hi,

3 x Units

1 - 16 Channel 960H DVR (Don't know model number) Firmware: 2.616.AD00.0, Build Date: 30-09-2013

2 - 4 Channel NVR, NVR104P, Firmware: 3.200.0000.4, Build Date: 09-05-2015. Updated to: 3.200.0000.0, Build Date: 31-03-17

3 - 8 Channel NVR, NVR4108P, Firmware: 3.200.0000.0, Build Date: 17-03-2015. Updated to: 3.203.0000.0, Build Date: 12-06-17

If any other information is required, please let me know.

Link to post

You need to remove the Telnet function on the DVR / NVR; this is where the issue is. They can get in no matter what passwords you have changed. They are only soft hacked: once you log in via Admin and default and set up again, all goes back to normal.

Dahua have stated that any firmware dated 2017 will be covered fine.

Contact your supplier; they will have the software to sort the Telnet issue.

Link to post
Hi,

I've seen this code: http:///cgi-bin/configManager.cgi?action=setConfig&Telnet.Enable=true

Is there something similar which can disable telnet?

I did telnet into my older DVR (doesn't work on my 4104 NVR) and looked around but that didn't record any log of my entry. What would have to be done to cause a log to be recorded?

Thanks

Link to post
In my client's case the NVR is behind a Cisco NAT router and the telnet port is not forwarded. Unless they did hack the router also...

Link to post
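
An added example, not part of any post in this thread: a small audit an installer could run over their own device inventory, flagging units whose firmware build date is before 2017 (the cut-off one reply attributes to Dahua) or whose Telnet port (TCP 23) accepts connections. The build dates are the ones quoted in the thread; the hosts are placeholder addresses and the function names are hypothetical.

```python
import socket
from datetime import datetime

# Constructed inventory: build dates are those quoted in the thread,
# hosts are placeholder documentation addresses (assumption, not real devices).
INVENTORY = [
    {"name": "16ch 960H DVR", "host": "192.0.2.10", "build": "30-09-2013"},
    {"name": "NVR104P", "host": "192.0.2.11", "build": "31-03-17"},
    {"name": "NVR4108P", "host": "192.0.2.12", "build": "12-06-17"},
]

def parse_build(text):
    """Parse DD-MM-YYYY or DD-MM-YY build dates as written in the thread."""
    for fmt in ("%d-%m-%Y", "%d-%m-%y"):
        try:
            return datetime.strptime(text, fmt).date()
        except ValueError:
            continue
    raise ValueError(f"unrecognised build date: {text!r}")

def telnet_reachable(host, port=23, timeout=2.0):
    """True if a TCP connection to the Telnet port is accepted from here."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False

def audit(devices, probe=telnet_reachable):
    """Return (name, firmware_pre_2017, telnet_open) for every flagged device."""
    findings = []
    for dev in devices:
        pre_2017 = parse_build(dev["build"]).year < 2017
        telnet_open = probe(dev["host"])
        if pre_2017 or telnet_open:
            findings.append((dev["name"], pre_2017, telnet_open))
    return findings

if __name__ == "__main__":
    for name, old, telnet_open in audit(INVENTORY):
        print(f"{name}: firmware pre-2017={old}, telnet reachable={telnet_open}")
```

The probe only reports reachability from where it is run, so a unit behind NAT should be checked both from inside the LAN and from outside the router.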
