Q: Hikvision camera firmware upgrades

Forums › Gadgets, robotics, home automation, electronics (including wearables) › Q: Hikvision camera firmware upgrades

BruceeNZ

18 posts

Geek
+1 received by user: 2

#289794 29-Sep-2021 14:34

Afternoon all,

Based on this post:

https://www.infosecurity-magazine.com/news/vulnerability-hikvision-cameras

I'm in the process of updating a NVR for a charity. The unit is a DS-7604NI-K1/4P (about 4 years old I suspect), and I can find firmware on the Hikvision international site here:

https://www.hikvision.com/en/support/download/firmware/

but cannot see this model on the ANZ support site, which I'm accessing here:

https://www.hikvision.com/au-en/support/download/firmware/

Has anyone had any luck sourcing firmware locally? My understanding is that loading international firmware on these is risky, and the available download has a (C) after the file which makes me wonder if it's a Chinese language firmware.

Any advice appreciated,

Thanks,

Bruce

1 | 2

1396 posts

Uber Geek
+1 received by user: 974

ID Verified

Trusted

#2786373 29-Sep-2021 14:43

Where did the cameras come from?
A lot of cameras sourced internationally (aka Aliexpress) or not via official distributors often have hacked English firmware and will never get an official english firmware release.

<#
.DISCLAIMER
Anything I post is my own and not the views of my past/present/future employer.
#>

BruceeNZ

18 posts

Geek
+1 received by user: 2

#2786381 29-Sep-2021 14:55

Andib:
Where did the cameras come from?
A lot of cameras sourced internationally (aka Aliexpress) or not via official distributors often have hacked English firmware and will never get an official english firmware release.

A security company in Hamilton, so I'm pretty sure they're through Atlas Gentech.

chevrolux

4962 posts

Uber Geek
+1 received by user: 2638
Inactive user

#2786397 29-Sep-2021 15:16

If the unit is from Atlas, give them a call. They will happily provide a firmware file for you. They may just want the serial to check it came from them.

BruceeNZ

18 posts

Geek
+1 received by user: 2

#2786401 29-Sep-2021 15:23

chevrolux:
If the unit is from Atlas, give them a call. They will happily provide a firmware file for you. They may just want the serial to check it came from them.

Thanks, I'll try. Last time I communicated with them they weren't keen to help (as I'm an end user, not a reseller), and the installer wouldn't help without a PO...

BruceeNZ

18 posts

Geek
+1 received by user: 2

#2786419 29-Sep-2021 16:12

I had a call back from Atlas: as I'm an end user they won't/can't help. I'll see if I can find out who the reseller or installer was. Any other obvious options that people can suggest?

Lias

5655 posts

Uber Geek
+1 received by user: 3978

ID Verified

Trusted

Lifetime subscriber

#2786426 29-Sep-2021 16:27

*makes mental note never to buy anything that comes via Atlas Gentech*

I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup. Opinions are my own and not the views of my employer.

Lenovo

Shop now for Lenovo laptops and other devices (affiliate link).

chevrolux

4962 posts

Uber Geek
+1 received by user: 2638
Inactive user

#2786431 29-Sep-2021 16:35

Ohh sorry that's a point. I've always had an account with them.
Surprised they wouldn't help though!

neb

11294 posts

Uber Geek
+1 received by user: 10018

Trusted

Lifetime subscriber

#2786511 29-Sep-2021 18:42

BruceeNZ: I had a call back from Atlas: as I'm an end user they won't/can't help.

Did you mention it was for a charity and there's no money changing hands in the process? They may be less reluctant if they hear it's being done to help out a charity.

BruceeNZ

18 posts

Geek
+1 received by user: 2

#2786648 29-Sep-2021 21:09

Thanks for the replies folks. Yes it's to help out a charity, but the charity purchased the camera system ~4 years ago. I can understand Atlas Gentech's point of view: if they helped all end users they could significantly increase their support cost, so they'll ask their reseller base to do the end user support. Let's see if I can find someone at reseller level to help....

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#2786650 29-Sep-2021 21:18

Most IT distributors will not provide support to end users - that is not their business model.

Many security resellers/distrobutors will also refuse to provide support to anybody who isn't a licenced security installer.

BruceeNZ

18 posts

Geek
+1 received by user: 2

#2786652 29-Sep-2021 21:22

sbiddle:
Most IT distributors will not provide support to end users - that is not their business model.

Many security resellers/distrobutors will also refuse to provide support to anybody who isn't a licenced security installer.

Gee I hope that's not the case here: I'm wanting to patch a vulnerable camera system (yes it's VLAN'd and segmented behind a firewall, and external access is only via VPN) rather than install it. Given the manufacturer has released a security advisory, made (some subset of) firmware updates publicly available on their web site, and said "patch now", I would have hoped the resolution would have been simple...

Dyson

Shop now for Dyson appliances (affiliate link).

neb

11294 posts

Uber Geek
+1 received by user: 10018

Trusted

Lifetime subscriber

#2786653 29-Sep-2021 21:30

BruceeNZ: Gee I hope that's not the case here: I'm wanting to patch a vulnerable camera system (yes it's VLAN'd and segmented behind a firewall, and external access is only via VPN) rather than install it. Given the manufacturer has released a security advisory, made (some subset of) firmware updates publicly available on their web site, and said "patch now", I would have hoped the resolution would have been simple...

Hikvision and Dahua are a pain in this regard, you can only go via a reseller and if the reseller won't play ball you're SOL. I realise this won't help you much but for others who are potentially facing this, the easiest way around it is to find a Dahua/Hikvision vendor who sell the gear direct to the public but under their own name. For example Amcrest are Dahua but without the Dahua name on it, and they'll deal directly with the public. They're also quite a bit cheaper than Dahua for some product lines, and in particular a lot cheaper than Dahua via resellers in NZ.

technician14

122 posts

Master Geek
+1 received by user: 9

#2786734 30-Sep-2021 06:42

Firmwares on the product page not support on au site

cyril7

9075 posts

Uber Geek
+1 received by user: 2499

ID Verified

Trusted

Subscriber

#2786737 30-Sep-2021 07:12

Hi, I look after a couple of APNR sites for our local rate payers assocation, I have called a local company who have a relationship with Atlas Gentec and hopefully will furnish me with patched firmware.

But as others have found, the appropriate firmware is not listed on the AU/NZ site, all of the product we have is not listed on the AU/NZ site and contacting Atlas Gentec resulted in a brush off.

Having had a relationship with them in the past I thought getting firmware would not be an issue, grrrr.

Cyril

BruceeNZ

18 posts

Geek
+1 received by user: 2

#2786749 30-Sep-2021 07:47

technician14: Firmwares on the product page not support on au site

The model I have has been superseded by the "B" revision and there is no AE-EN product page for the original model. The firmware linked off the product page for the "B" model is from several years ago and doesn't address the vulnerability mentioned above.

1 | 2