Jump to content
enoxos

DVR reps have access to DVR

Recommended Posts

hello there,

 

I called my DVR's representatives to find out why my web monitoring viewer was acting up. He asked for my IP which I gave to him and he said he was able to see the video output. After some troubleshooting, we solved the minor problem.

 

Here is the question, how the hell he logged into my DVR and was able to view the cameras? I never gave him the password since he never asked anyway.

 

Apparently, there must be a reset password that they can use to have full control of the DVR.

 

Is there a way to delete this reset password and have my DVR log in only with my password?

 

thank you fellas

Share this post


Link to post
Share on other sites

hello there,

 

I called my DVR's representatives to find out why my web monitoring viewer was acting up. He asked for my IP which I gave to him and he said he was able to see the video output. After some troubleshooting, we solved the minor problem.

 

Here is the question, how the hell he logged into my DVR and was able to view the cameras? I never gave him the password since he never asked anyway.

 

Apparently, there must be a reset password that they can use to have full control of the DVR.

 

Is there a way to delete this reset password and have my DVR log in only with my password?

 

thank you fellas

 

Are u using default user name and password which come with DVR

Then may be why ....

Edited by Guest

Share this post


Link to post
Share on other sites

 

Are u using default user name and password which come with DVR

Then may be that why ....

 

 

actually, this does not work. I have changed the admin password at the DVR, but the guy was able to log in regardless. This reset password they have is universal, but I would like to disable it or change it if possible.

 

thanks

Share this post


Link to post
Share on other sites

 

Are u using default user name and password which come with DVR

Then may be that why ....

 

 

actually, this does not work. I have changed the admin password at the DVR, but the guy was able to log in regardless. This reset password they have is universal, but I would like to disable it or change it if possible.

 

thanks

 

U have to supply info about DVR

as much as u know

We can't guess or assume

 

( reset password usually is being use to reset unit locally only

or reset is done by using DVR front buttons)

Share this post


Link to post
Share on other sites

 

U have to supply info about DVR

as much as u know

We can't guess or assume

 

( reset password usually is being use to reset unit locally only

or reset is done by using DVR front buttons)

 

 

the DVR is from Q-see and the model is QSDR-0008RTC

Share this post


Link to post
Share on other sites

I have regained control of DVRs with a unknown manufacturer password before, the master password was not on the list and could not be erased. I often wonder about the ability of the manufacturer to spy on us with dvrs. I know that we do give the dvr a few open ports to play with on most networks. a perfect spy tool, they are everywhere!

ever wonder why those dvrs and cards are so cheap..... lol

 

empak

Share this post


Link to post
Share on other sites

What was acting up? I just sent that exact same model back because it kept crashing every time I used the iphone app and large blocks of recorded data would all of a sudden be un-accessible.

Share this post


Link to post
Share on other sites

 

Are u using default user name and password which come with DVR

Then may be that why ....

 

 

actually, this does not work. I have changed the admin password at the DVR, but the guy was able to log in regardless. This reset password they have is universal, but I would like to disable it or change it if possible.

 

thanks

 

 

Hi for them to get into your dvr you would have had to of given them your ip address ................. just change it

Share this post


Link to post
Share on other sites
the DVR is from Q-see and the model is QSDR-0008RTC

There are 3 remote viewing passwords that need to be changed:

1 - admin password

2 - user password

3 - mobile password

You indicated that you changed the admin password. What about the others?

 

Also, for an additonal layer of security the ports should be changed from defaults. The defaults are 9000 and 80. When you change the http port (80) you'll need to use the port number with the IP address. For instance, if the DVR has an internal IP address of 192.168.1.200 and you change the port to 83 you'll need to use http://192.168.1.200:83 in a web browser to access the DVR, or 192.168.1.200:83 in the remote viewing software. Same thing goes when accessing the DVR with the WAN IP address (just substitue the WAN IP address for the internal IP address in the above example). Along the same lines, if you change the media port from 9000 to 9003 (for instance) you'll need to specify that port also.

 

Oh, the model is QSDR008RTC (removed the extra 0).

Share this post


Link to post
Share on other sites

I just plugged in the QR-414 DVR that I received today, and was shocked to learn there is a master password, clearly documented in the manual's FAQ section, that allows you to have admin access to the box with no questions asked.

Share this post


Link to post
Share on other sites
I just plugged in the QR-414 DVR that I received today, and was shocked to learn there is a master password, clearly documented in the manual's FAQ section, that allows you to have admin access to the box with no questions asked.

Yes this is common with most DVRs. In most cases it can be changed.

Share this post


Link to post
Share on other sites
I have regained control of DVRs with a unknown manufacturer password before, the master password was not on the list and could not be erased. I often wonder about the ability of the manufacturer to spy on us with dvrs. I know that we do give the dvr a few open ports to play with on most networks. a perfect spy tool, they are everywhere!

ever wonder why those dvrs and cards are so cheap..... lol

 

empak

 

 

exactly my thoughts.

if the manufacturer or the dealer has a master password (namely the reset password), they can see everything provided they know the ip.

Share this post


Link to post
Share on other sites

 

Are u using default user name and password which come with DVR

Then may be that why ....

 

 

actually, this does not work. I have changed the admin password at the DVR, but the guy was able to log in regardless. This reset password they have is universal, but I would like to disable it or change it if possible.

 

thanks

 

 

Hi for them to get into your dvr you would have had to of given them your ip address ................. just change it

 

True, but here is the deal by having a dynamic IP.

only the last 2 set of numbers change when your dynamic IP resets every so often. Therefore, there is a small, but yet a chance to get it right by pure guessing. (actually it is 1 in 256*256 = 1 / 65536). If only the last set changes, then it is 1/256, pretty good chances if you ask me.

 

Of course the issue is a privacy one and when you have a system at home, this privacy issue is not to be taken lightly to my opinion.

Share this post


Link to post
Share on other sites
the DVR is from Q-see and the model is QSDR-0008RTC

There are 3 remote viewing passwords that need to be changed:

1 - admin password

2 - user password

3 - mobile password

You indicated that you changed the admin password. What about the others?

 

Also, for an additonal layer of security the ports should be changed from defaults. The defaults are 9000 and 80. When you change the http port (80) you'll need to use the port number with the IP address. For instance, if the DVR has an internal IP address of 192.168.1.200 and you change the port to 83 you'll need to use http://192.168.1.200:83 in a web browser to access the DVR, or 192.168.1.200:83 in the remote viewing software. Same thing goes when accessing the DVR with the WAN IP address (just substitue the WAN IP address for the internal IP address in the above example). Along the same lines, if you change the media port from 9000 to 9003 (for instance) you'll need to specify that port also.

 

Oh, the model is QSDR008RTC (removed the extra 0).

 

 

 

Here is the head scratcher: I just gave my techie the Ip only without the port and he got into the system with in 5 seconds.

 

Now, keep in mind that I was NOT using the default port and I had changed the admin password.

 

I had also changed the other passwords as well, user and mobile, prior to talking to the techie.

 

So, I am guessing that the techies with the master-reset password only need the IP address and they search through the ports with a brute force search engine that tries all the ports from 80 to 9000 and it is a guaranteed that they will get into the DVR.

 

this is scary

Share this post


Link to post
Share on other sites
I would be more concerned about it only being CIF recording.

 

 

why only for CIF recording?

 

what is CIF recording anyway? and how is different than other modes?

 

thanks

Share this post


Link to post
Share on other sites
One of the first things you should do is change the default admin password.

changing the admin password does not solve the problem because there is another reset password that can NOT be reste and only techies know that.

Share this post


Link to post
Share on other sites
One of the first things you should do is change the default admin password.

changing the admin password does not solve the problem because there is another reset password that can NOT be reste and only techies know that.

 

sounds like back door access

Share this post


Link to post
Share on other sites
One of the first things you should do is change the default admin password.

changing the admin password does not solve the problem because there is another reset password that can NOT be reste and only techies know that.

 

sounds like back door access

 

this exactly what it is.

 

I understand that sometimes we forget the admin pass and they can reset it by sending it to the manufacturer, but i believe that the consumer should have the choice to block any access to their DVRs regardless of what password the techies have.

 

Or the reste could also be done by a combination of the hard buttons on the DVR that resets to its default state with a trivial admin pass.

 

I just do not see why is it that the techies have a reset pass that allows them access to the DVR at any time.

 

this is at least troublesome. We all heard stories of leaked videos on youtube lol

Share this post


Link to post
Share on other sites
Here is the head scratcher: I just gave my techie the Ip only without the port and he got into the system with in 5 seconds.

 

Now, keep in mind that I was NOT using the default port and I had changed the admin password.

 

I had also changed the other passwords as well, user and mobile, prior to talking to the techie.

 

So, I am guessing that the techies with the master-reset password only need the IP address and they search through the ports with a brute force search engine that tries all the ports from 80 to 9000 and it is a guaranteed that they will get into the DVR.

 

this is scary

 

Did you ask him what he did?

Send one of us the IP to test?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×