Anyone try V5.5.82 build 180427 on DS-2CD2042WD-1 Camera?

[Jan J]

Hello... From the States across the pond!
Someone informed me that my DS-2CD2042WD-1 cameras, presently with V5.5.53 Build 180730 may have a security issue.... and suggested I go to V5,5,8 or later firmware...
I did find V5.5.82 Build 180427 on the HiKvision USA Site.... It appears to be for multiple cameras.....

I just thought the you folks may have better info on this firmware than I.... Is it OK for a DS-2CD2042WD-1 camera?

I've got 12 of them... No DVR, Just cameras....

Thanks for your comments in advance!!!
Jan

 

[Dan]

Hi @Jan J

As far as we are aware that is the latest firmware available for your model in your region, but we don't think it is new enough to fix the vulnerability as that requires firmware with a build version newer than 210625

I would recommend contacting your original supplier/installer and/or contact Hikivision US support directly to locate a fixed firmware or get an update on when a fixed firmware will be released.

 

[Jan J]

Thanks very much Dan.... In the past Hikvision USA will not speak to me... I've tried...
I am not using them with DVR, they are stand alone cameras ftp'ing & Stream going to NAS only....
I've isolated the cameras via router firewall: They have no web access, and I have traps with "HITS" on both inbound and outbound traffic to those IP's, and those remain at Zero "Hits" inbound or outbound to the cameras in the past 2 years... Any other info on this new vunerability is appreciated... Jan

 

[Jan J]

Further question..... According to this link I was given:

Command Injection Vulnerability

September 19, 2021

www.hikvision.com

The DS-2CD2042WD-1 camera is not listed in the list of firmware fixes....
But
This model is Also isn't listed in the List of Affected Cameras, either!!! ?????

Is this an oversight, or what?

 

[Dan]

Hi @Jan J

Yes, your model is not on the initial list of affected cameras, but in reality, this issue will affect almost all Hikvision cameras as most of them are not running firmware with a build time more recent than 210625 (25th June 2021). If you go back to that vulnerability post you will see that I have updated the fixed firmware table today with more models that were not on the initial list.

Currently, Hikvision has not published a fixed firmware for R6 cameras (2x22FWD, 2x42FWD) like the one you have, but there should be a new version posted in the next couple of days.

I should also point out that we are based in the UK so all the firmware I have linked to in that table is from the UK & EU portals and those versions may not be compatible with US camera models.

If you can't get a response from US Hikvision support then I would just keep monitoring the product page because the fixed firmware should be posted publicly soon.

 

[Jan J]

Thanks very much for in-depth reply!
Will be looking for it

Are they planning on updating discontinued products?

 

[Jan J]

I've clicked the USA Contact at Hikvision's Website to both Support and to Sales asking why camera isn't listed as one of the models with this issue, and also asked for a link to USA version of the "Fix" for the September 2021 Issue....If anything is answered I'll inform what USA folks say....

After the last firmware update I added (5.5.53) I also Added 2 'Traps' in the Router Firewall... One to Deny any Outbound activity, and one to Deny any Inbound activity to the 12 IP's the cameras use (All Static IP Here).... The rules in the Firewall do Show "Hits" when tripped.... In 2 years I've never seen any "Hits" on these rules in the Firewall... (I do not have any Outgoing settings set in cameras)

Anything else you can tell me about this issue? Thanks...