Defense Against NVR DVR Scripted application

March 2, 2017


Valued Partner,

Hikvision has determined that there is a scripted application specifically targeting Hikvision NVRs and DVRs that meet the following conditions: they have not been updated to the latest firmware; they are set to the default port, default user name, and default password.

Hikvision has required secure activation since May of 2015, making it impossible for our integrator partners to install equipment with default settings. However, it was possible, before that date, for integrators to install NVRs and DVRs with default settings.

Hikvision strongly recommends that our dealer base review the security levels of equipment installed prior to June 2015 to ensure the use of complex passwords and upgraded firmware to best protect their customers.

Below are firmware and password guidelines and specific steps to take to secure a system:

Password and Firmware Overview

  • Leaving factory-default, poorly chosen, or weak passwords in your camera or video recorder may result in unauthorized access or exploitation of your company resources.

  • Change every password in every device occasionally. Old passwords can carry additional risk.

  • Ensure all systems have the latest firmware.

  • All users, including contractors and vendors with access to your company systems, should take appropriate steps to select and secure their passwords and update your firmware on your system.

Password and Firmware Steps

1. Make sure to have your device behind a firewall.

  • Make sure that your firewall is updated with the latest firmware and that the default password is changed on your router.

  • If you want to have your device work with a Hikvision or third-party online services, make sure to setup port-forwarding on your firewall.

2. Check if your system has the latest firmware. Here is a link to check if your product needs to be upgraded to the latest firmware.

3. After updating firmware, ensure that you have restarted your device.

4. Once the device is restarted, it will ask you to give a more secure password.

  • Go through the process to secure your devices.

5. Now that you have updated your device please make sure to change your password every 90 day.

Additional Information and Resources

Please visit the Security Center on our website for additional information and updates. Should you require additional support, please do not hesitate to contact our technical support team at 909-612-9039 or at


Team Hikvision North America

IMPORTANT! This model requires non-standard firmware. Do Not Install standard firmware (e.g. v.4.1.xx) on this model. Doing so will permanently damage your system. You must use custom firmware v.4.1.25 from the iDS-9632NXI-I8/16S product page.

By downloading and using software and other materials available via this website, you agree to be legally bound by HIKVISION General Terms of Use . If you don’t agree to these terms, you may not download or use any of those materials.

If you are agreeing on behalf of your company, you represent and warrant that you have legal authority to bind your company to the General Terms of Use above. Also you represent and warrant that you are of the legal age of majority in the jurisdiction in which you reside (at least 18 years of age in many countries).