01304 827609 info@use-ip.co.uk Find us

Firmware Hikvision declare new vulnerabilities in mass email blast sent Saturday 18th September 2021

Is there any update from Hikvision on when they will complete the firmware releases for affected cameras? I believe they stated 24 September was the date they expected to do that, however it is now well past that date and many of the cameras affected still do not have updated firmware.
 
Hikvision PTZ cameras
Hello - so if I have my Hikvision NVR and Cameras behind my talktalk broadband router (which supposedly has its own in built firewall) is there any risk ? I dont see how anyone can get beyond my router to get to my cameras. I do use HikConnect though...???
 
Hello from across the pond!
As I posted in another thread, I have not found DS2CD2042WD-1 cameras on the most recent list of affected cameras, And camera firmware is older than the recent security issue.
I’ve sent emails and web requests on the model not being listed, to USA Hikvision Sales & Support a month ago. Without a reply since then.

Now with that said. I do have inbound and outbound ‘traps’ set for the IP’s of these cameras in my firewall, and there has not been any ‘Hits’ to these rules in 2 years.
(Edit after Dan's post below) I do not use Hik-Connect.. I do, however, use IVMS-4500 to view cameras from within the LAN, but no external (WAN) access has been set up

Has there been any updates on this model: DS2CD2042WD-1
Thank you!
 
Last edited:
Hi @jugglerb

If the cameras are not accessible from outside your local network then we would think there is minimal risk to your cameras, but as you are using Hik-Connect the safest thing would be to check you are running the latest firmware and update if not.

Hi @Jan J

In the UK/EU the 2042WD-I model is covered by the R0 firmware and there has been a patched firmware released - V5.4.800 210813 - this may work with your camera, but as a US model we cannot guarantee this and if it does install you may see glitches/performance issues as the firmware is not fully compatible.
 
Thanks... However the Readme First indicates it covers:
DS-2CD1?32
DS-2CD2?22
DS-2CD2?12
DS-2CD2?31
cameras.... Are you certain it covers the DS-2CD2042WD-1 camera?

Now I did go back to Hikvision USA firmware site and check the 2CD2012 and 2CD2022 and 2CD2042 versions, and yes, they all use same version firmware, but the version listed at USA Site is Firmware: IPC_R6_EN_STD_5.5.82_190220 and which, though older has a higher Version number than the link you suggested... though at the USA site it says that version is not guaranteed to work also .... !!??!! Now that is confusing and why:
I'm presently running V5.5.53 build 180730 on my 12 cameras, with no "Hits" seen on rules in firewall blocking inbound and outbound access.

Yes, I have been informed before that different cameras have different Region firmware... and I'm trying valiantly to follow the rules...

It would have been far simpler for me , if USA Support or USA Sales would have answered me...

Do you have an email to USA Support that you know they will answer to? USA is not responding to Web communications... Thanks again...... Actually I'm quite pleased with the quality and stability of the Hikvision cameras....
 
Last edited:
Hi @Jan J

The 2042WD-I model is an odd model because it is one of the very few 4MP (2x42) models that is supported by the R0 firmware because once the 2x42FWD models came in they started using the R6 firmware, I hadn't initially noticed that the firmware version the US site is promoting for the 2042WD is the R6 firmware, which might further suggest that in the US the model is labelled R6 rather than R0 and the UK/EU R0 firmware likely won't work.

For the time being, I would just stick with the latest firmware that is being suggested for the 2042WD on the US site because that is also the same latest firmware for the UK/EU R6 models.

Unfortunately, as we do not have any US customers we do not regularly contact Hikvision US so don't have any direct support contact details. Their Contact Us section does include phone numbers so maybe a last-ditch option would be to actually phone them if you cannot get a response via email.
 
I'm getting more -- Good, In Depth information from this site than I ever got from USA site....

The one time I did call USA Support, nearly 3 years ago, we never got to subject at hand, but instead got embroiled into camera serial number being not registered.. and when I gave the number to him off camera, including a picture of it, he said it was invalid camera and would not go further without a valid serial number.... Also said loading firmware onto camera would destroy the camera.....

I then found this site, and Phil explained the issue I had (which had been fixed in later firmware, which loaded successfully, by the way!)... and I've been here ever since....

I've got 12 camera's now... I'll try USA support Phone # again.... but I'm not holding my breath..... If you know what I mean.... !!
 
Update on my findings... Getting ready for the phone call....
One of the 12 cameras I have came with latest USA firmware: 5.5.82 Build 190220 installed.
That's the one on USA Support site says is not guaranteed to work.. Yet it came installed on camera...
Looking at the pdf release notes in the zip file for Build 190220, the release notes indicate build 180427 yet camera Configuration settings reports: 190220 ???

Does anyone have access to the pdf file release notes for 5.5.82 Build 190220?

I see nothing in Menus or 2 years of operation to indicate a operational difference between 5.5.53 Build 180730, and 5.5.82 Build 190220

The Zip file for 5.5.53 did not contain a pdf file of release notes.... Would anyone have those also?

Thank You
 
Hi @jugglerb

If the cameras are not accessible from outside your local network then we would think there is minimal risk to your cameras, but as you are using Hik-Connect the safest thing would be to check you are running the latest firmware and update if not.

Hi @Jan J

In the UK/EU the 2042WD-I model is covered by the R0 firmware and there has been a patched firmware released - V5.4.800 210813 - this may work with your camera, but as a US model we cannot guarantee this and if it does install you may see glitches/performance issues as the firmware is not fully compatible.
Thanks Dan
 
Cannot find a USA Version of that code.
Would you have a link?

PS: HiKvision USA download portal does not see that code applied to other USA cameras seen in the UK read me first filename your link.
 
Last edited:
The firmware IPC_R0_EN_STD_5.4.800_210813 (supported models - DS-2CD2x32, DS-2CD2x22, DS-2CD2x12, DS-2CD2x31) has a bug with audio stream.
Camera DS-2CD2532F-IS (DS-2CD2x32)

It is not possible to correctly play files downloaded from the camera (downloading) or recorded from the browser interface by pressing the record button (Internet explorer). A frozen picture with sound is played.

Camera settings were reset to default.
The memory card has been formatted.

To reproduce the problem:
1. Enable audio for the stream.
2. Record a video fragment from a liveview (internet explorer) or download a recording from a camera from browser (for example, continuous record)

Looking through the MediaInfo information about the codec, you can see what the error is:

For example
Audio stream
Delay relative to video: 29s 156ms
or Delay relative to video: 19mn 15s
or Delay relative to video: 2h 38mn

This delay should only be a few ms (milliseconds).

You can also notice that since the previous update 5.4.5, the Encoding Version = V5.0 build 181011 component has been updated. It looks like a bug in it.
 
Last edited:
And still — unless I missed something obvious: for my HiKvision camera:
2CD2042WD-1. I do NOT see any firmware update for that model at links provided or USA Site! For this or previous security issue in September.

I have, however, in. an abundance of caution, Denied Internet access, in firmware settings of 2CD2042WD-1 cameras, and firewall in my Router!
And in past year, no ‘hits’ on the firewall rule have been tripped, so I assume it’s working!
 
Hello! Please, where can I find the latest firmware to correct the current vulnerability for the DVR models DS-7208HQHI-F1 and DS-7216HQHI-F1? I'm receving an alert on Hik-Connect about the need to update the firmware, but when I click on the update button the error 380004 occurs. Thanks!
 
Hi @Dropper

What firmware version(s) are your DVR models currently running? The latest version I can see for your models would appear to be v3.4.89 which was released 2018/2019. Not all Hikvision products have received updates to patch the vulnerability as some very old models did not support the feature that was found to be vulnerable.

You would need to speak to your original seller/installer or speak directly to Hikvision support to see if they can confirm whether or not your particular models are vulnerable.
 
I have sent 3 emails to support that have fallen on deaf ears.
2CD2042-WD1 in the states have not received an update

I have locked them out: (12 cameras) from internet access in firewall, while I patiently await a firmware update that has not yet happened, and no subsequent response from multiple requests from HikVision Sales or Support has happened!

At this point, (other than LAN Access), no remote access is possible.
 
Hi @Jan J

Have you tried emailing Hikvision Security Response Center at hsrc@hikvision.com?

The original document that announced this vulnerability said any issues or concerns should be reported to this email address, they should be able to tell if there is a new firmware and/or whether this model is actually at risk of the vulnerability.
 
Hi @Jan J

Have you tried emailing Hikvision Security Response Center at hsrc@hikvision.com?

The original document that announced this vulnerability said any issues or concerns should be reported to this email address, they should be able to tell if there is a new firmware and/or whether this model is actually at risk of the vulnerability.
I just emailed them at the email address you just posted! Thanks!!
 
  • Like
Reactions: Dan
I never received an answer to my email.... after first one was sent...
So I sent another 3 days ago.....

So Today I sent a third email to: hsrc@hikvision.com

Still awaiting an answer!
 
Back
Top