Cameras & CCTV#
Reference of IP camera vendors, NVR / DVR / VMS platforms, and the protocols (ONVIF, RTSP, PSIA) they speak. Useful for physical-security recon, surveillance-system pentest, incident video collection, and procurement triage. Includes sanctions / NDAA notes.
For broader physical / hardware tools, see Hacking Hardware. For protocol context, see Network Protocols.
Major camera vendors#
Vendor |
Country |
Notes |
|---|---|---|
Hikvision |
China |
Largest by volume; banned for US fed use (NDAA 889) + UK gov 2022; FCC ban 2022; sanctioned over Xinjiang. |
Dahua Technology |
China |
#2 globally; same NDAA / FCC posture as Hikvision; US sanctions list. |
Uniview (UNV) |
China |
#3 in China; some NDAA / customs flags. |
Hanwha Vision |
South Korea |
Formerly Samsung Techwin; Wisenet line; Trusted by NDAA. |
Axis Communications |
Sweden / Canon |
Premium IP cameras; ONVIF founder; trusted in Western gov. |
Bosch Security |
Germany |
IP cameras + intercoms; integrators. |
Vivotek |
Taiwan |
Mid-market. |
Honeywell |
USA |
Commercial / industrial. |
Pelco |
USA / Motorola |
Long-running; Motorola subsidiary. |
Avigilon (Motorola) |
Canada |
Acquired 2018; high-res; analytics. |
Genetec |
Canada |
Vendor + VMS. |
i-PRO |
Japan |
Panasonic spinout; NDAA-trusted. |
Mobotix |
Germany |
Edge-compute IP cameras. |
Lorex |
US |
Consumer; bought from Dahua; now NDAA-compliant lines. |
Reolink |
Hong Kong |
Consumer-grade. |
Amcrest |
US |
Consumer; some NDAA-adjacent issues. |
Foscam |
China / Hong Kong |
Consumer. |
Tiandy |
China |
On US Entity List. |
Tenda |
China |
Consumer. |
Verkada |
US |
Cloud-managed enterprise; 2021 breach (Bloomberg / Tillie K). |
Eagle Eye Networks |
US |
Cloud VMS + cameras. |
Rhombus |
US |
Cloud-managed enterprise. |
Wyze |
US |
Consumer (cameras manufactured in CN historically). |
Arlo |
US |
Consumer wireless (Netgear spin-out). |
Ring |
US |
Amazon; consumer; LE partnership (Neighbors). |
Nest |
US |
Google; consumer. |
Eufy |
China / Anker |
Consumer; 2022 unencrypted-cloud incident. |
VMS (Video Management Systems)#
Product |
Vendor |
Notes |
|---|---|---|
Milestone XProtect |
Milestone |
Open platform; many integrators; widely deployed. |
Genetec Security Cen ter |
Genetec |
Synergis (access) + Omnicast (video) + AutoVu (LPR). |
Hanwha WAVE |
Hanwha |
Bundled with Hanwha cameras. |
Avigilon Control Cen ter |
Motorola |
Avigilon ACC. |
ExacqVision |
Tyco / JCI |
Honeywell / JCI ecosystem. |
Verint Vision Suite |
Verint |
Government / casino. |
Verkada Command |
Verkada |
Cloud-only. |
Eagle Eye |
Eagle Eye |
Cloud-only. |
OpenEye Web Services |
OpenEye |
Cloud + on-prem. |
SoloProtect Live |
SoloProtect |
Lone-worker. |
Cisco Meraki MV |
Cisco |
Cloud-managed cams + dashboard. |
Synology Surveillance |
Synology |
NVR on Synology NAS. |
QNAP QVR Pro |
QNAP |
NVR on QNAP NAS. |
Zoneminder |
ZM Project |
Open-source VMS. |
Frigate |
community |
Open-source NVR with AI; popular Home Assistant integration. |
Shinobi |
Shinobi |
Open-source NVR. |
Bluecherry |
Bluecherry |
Linux-based. |
Agent DVR |
iSpy |
Free DVR. |
iSpy / iSpyConnect |
iSpy |
Older OSS DVR. |
Protocols / standards#
Protocol |
Notes |
|---|---|
RTSP |
Real Time Streaming Protocol; most IP cams expose rtsp://user:pass@host:554/stream1; the protocol nearly every cam speaks. |
RTP / RTCP |
Carries the actual media + control. |
H.264 / H.265 / AV1 |
Video codecs; H.264 dominant; H.265 saving bandwidth; AV1 emerging. |
H.264 / -B / -M |
Baseline / Main / High profiles. |
JPEG / MJPEG |
Older still-image streams. |
ONVIF |
Open Network Video Interface Forum; profiles S (streaming), G (recording), Q (config), C (access control), A (advanced AC), T (advanced video), M (metadata), D (door control). |
PSIA |
Physical Security Interoperability Alliance (predecessor of ONVIF; mostly displaced). |
HLS |
HTTP Live Streaming; for browser playback. |
WebRTC |
Low-latency browser playback; popular for cloud VMS. |
SRTP |
Secure RTP. |
MQTT / Webhook |
Cloud-camera notification. |
SNMP |
Some cameras expose SNMP for status. |
CGI / HTTP API |
Vendor-specific; Hikvision / Dahua / Axis all have them. |
Common ports#
Port |
Service |
|---|---|
80 / 443 |
HTTP / HTTPS web UI; vendor-specific CGI. |
554 |
RTSP. |
8000 |
Hikvision SDK / SADP discovery. |
8080 |
Often web UI on alt port. |
9000 |
Dahua DH SDK. |
3702 |
WS-Discovery (ONVIF). |
1900 |
SSDP / UPnP. |
22, 23 |
SSH / Telnet (often default-cred). |
37777, 37778 |
Dahua proprietary. |
Recon tooling#
Tool |
Notes |
|---|---|
Shodan / Censys / Zoo mEye |
Internet-scale scans; “ONVIF”, “Hikvision-Webs”, “Dahua”, “Wireshark”. |
ONVIF Device Manager |
Discovery + control of ONVIF cams. |
Onvif-Cli |
CLI ONVIF client. |
gst-launch / VLC |
Stream playback of RTSP. |
ffmpeg |
Capture RTSP / convert. |
Cameradar |
Scan + brute-force RTSP. |
Camsnipper |
RTSP brute. |
Hydra / Medusa |
Brute-force web / RTSP. |
hikpwn / DvrIpView |
Vendor-specific tools. |
ISPY-Connect / Insec am |
Public-cam aggregators. |
ZoneMinder / Frigate |
Self-host capture for analysis. |
Known vulnerabilities (historical)#
Vuln / class |
Notes |
|---|---|
Hikvision auth bypass |
CVE-2017-7921; cleartext password file via path traversal; widely exploited. |
Hikvision RCE |
CVE-2021-36260; unauth web RCE; Mirai-class botnet entry. |
Dahua auth bypass |
CVE-2021-33044; unauth login; mass exploitation. |
Dahua DvrHelper |
CVE-2017-3223; RPC RCE. |
ONVIF unauth disc. |
Unauth WS-Discovery responses leak make / model / firmware. |
RTSP no-auth |
Many cams ship with no RTSP auth by default. |
Default credentials |
admin/admin, admin/12345, root/pass, hikvision/hikadmin. |
Embedded telnet |
Backdoor accounts in older firmware. |
Persirai botnet |
2017; ~120k cameras. |
Mirai-Aidra |
IP-cam botnets. |
Verkada 2021 |
Insider credentials -> 150k cam access. |
Sanctions / regulation#
NDAA 889 (US), prohibits Federal procurement of Hikvision, Dahua, Hytera, Huawei, ZTE, and their subsidiaries.
FCC Covered List 2022, bans new authorisations for the same vendors.
UK Gov 2022, removed Hikvision / Dahua from sensitive sites.
EU NIS2, critical-infrastructure cameras subject to cyber-resilience requirements.
EU AI Act, biometric remote ID restrictions on surveillance cameras.
Xinjiang sanctions, Hikvision / Dahua / Tiandy on US Entity List for human-rights abuses.
GDPR + state privacy laws, video of identifiable individuals is special-category data; signage + retention + DPIA.
Operator notes#
Default-cred sweep is the first move, 30%+ of public IP cams still expose admin/admin or vendor defaults.
ONVIF is the standard but vendor extensions matter, rich features (PTZ presets, analytics) often need vendor SDK.
NVR firmware is the soft underbelly, cameras may be patched but the NVR (Hikvision / Dahua / Lorex) often is not.
Bandwidth budget: 4K H.265 at 30fps ≈ 15-30 Mbps per camera; storage at 14 days ≈ 5-10 TB/cam.
PoE (802.3af / at / bt) delivers 15-90 W; check switch budget when fielding more than 24 cameras.
Cloud VMS adds reach but expands attack surface, Verkada 2021 showed insider risk; minimize admin scope.
Audit retention: many local laws cap CCTV retention at 30-90 days.
No-record zones required by law in many jurisdictions (washrooms, locker rooms, employee break areas).