Security problem

[konila]

Hi

I received a dt-c8815, I added the camera to the mobile application and I replaced the default password.

Then I dowloaned the CMS Client programm for Windows.
User: admin
Pwd: let it empty

Then the application automatically added the camera without asking me the password of the camera!

That means if someone (hacker etc.) has access to my network, he could be able to watch the camera...

Second problem: anybody having access to the network can watch the camera with VLC and rtsp://IPadr:554/onvif1

 

[Jackie]

The CMSClient software only can automatically discover cameras in the same local network.
Although it automatically add the cameras, but the password will be incorrect. If you wish you watch the video, you have to manually modify the password. So, your camera will be secure from hacking.

Typically, your ISP will give you a dynamic IP address, people can not access your computers/cameras directly, unless you use the DDNS service.
The RTSP stream therefore only be accessible by local computers, it's also secure. Additionally, the latest firmware requires the account and password to access the RTSP video stream. The latest rtsp url should be rtsp://admin:123@IPadr:554/onvif1

 

[konila]

Hi

The CMSClient software only can automatically discover cameras in the same local network.

Yes. But if someone can access my network for any reason, he could access the video too...

Although it automatically add the cameras, but the password will be incorrect. If you wish you watch the video, you have to manually modify the password. So, your camera will be secure from hacking.

The first time I used CMSClient, the application added the camera without asking any password. I was able to watch the video. It's strange that it didn't require the password I set with the mobile application.
In CMSClient I changed the admin password. Does it mean if someone else uses CMSClient, it will require this new password ? [/QUOTE]

The RTSP stream therefore only be accessible by local computers, it's also secure.

Hum not enough. If your home's door is locked...you still need a strong-box for your money.

Additionally, the latest firmware requires the account and password to access the RTSP video stream. The latest rtsp url should be rtsp://admin:123@IPadr:554/onvif1

I was pretty sure I updated the firmware when I received the camera. I will check it again.

 

[Anonymous]

When firstly run the CMSClient software, it's only able to discover the new devices connected in the same local network.
It will add the camera with default password (123), if users changed the password, the software will not able to play the video although they are in the same local network.

Most IP cameras don't need account authorization if users access the RTSP stream in the same local network. Here is the RTSP URL list for different brand IP cameras.

 

[J-C]

Hello,

The new firmware with password access for RTSP and ONVIF will be available for all YooSee cameras or not ?

My YooSee cams have 2 years old... and for the moment, no password for RTSP or ONVIF... not very secure.

Do I have to wait for a futur automatic camera firmware update, or can i update manually with this security patch ?

 

[adrsoluciones]

Buenos dias. Yo tengo el mismo problema, CMS CLient me detecto la camara y sin ingresar la clave que configure en yoosee me dejo ver las imagenes. Me gustaria que CMS Client no muestre la imagen de la camara si no se ingresa la password que se configuró en yoosee.