Cameras & CCTV#

Reference of IP camera vendors, NVR / DVR / VMS platforms, and the protocols (ONVIF, RTSP, PSIA) they speak. Useful for physical-security recon, surveillance-system pentest, incident video collection, and procurement triage. Includes sanctions / NDAA notes.

For broader physical / hardware tools, see Hacking Hardware. For protocol context, see Network Protocols.

Major camera vendors#

Vendor

Country

Notes

Hikvision

China

Largest by volume; banned for US fed use (NDAA 889) + UK gov 2022; FCC ban 2022; sanctioned over Xinjiang.

Dahua Technology

China

#2 globally; same NDAA / FCC posture as Hikvision; US sanctions list.

Uniview (UNV)

China

#3 in China; some NDAA / customs flags.

Hanwha Vision

South Korea

Formerly Samsung Techwin; Wisenet line; Trusted by NDAA.

Axis Communications

Sweden / Canon

Premium IP cameras; ONVIF founder; trusted in Western gov.

Bosch Security

Germany

IP cameras + intercoms; integrators.

Vivotek

Taiwan

Mid-market.

Honeywell

USA

Commercial / industrial.

Pelco

USA / Motorola

Long-running; Motorola subsidiary.

Avigilon (Motorola)

Canada

Acquired 2018; high-res; analytics.

Genetec

Canada

Vendor + VMS.

i-PRO

Japan

Panasonic spinout; NDAA-trusted.

Mobotix

Germany

Edge-compute IP cameras.

Lorex

US

Consumer; bought from Dahua; now NDAA-compliant lines.

Reolink

Hong Kong

Consumer-grade.

Amcrest

US

Consumer; some NDAA-adjacent issues.

Foscam

China / Hong Kong

Consumer.

Tiandy

China

On US Entity List.

Tenda

China

Consumer.

Verkada

US

Cloud-managed enterprise; 2021 breach (Bloomberg / Tillie K).

Eagle Eye Networks

US

Cloud VMS + cameras.

Rhombus

US

Cloud-managed enterprise.

Wyze

US

Consumer (cameras manufactured in CN historically).

Arlo

US

Consumer wireless (Netgear spin-out).

Ring

US

Amazon; consumer; LE partnership (Neighbors).

Nest

US

Google; consumer.

Eufy

China / Anker

Consumer; 2022 unencrypted-cloud incident.

VMS (Video Management Systems)#

Product

Vendor

Notes

Milestone XProtect

Milestone

Open platform; many integrators; widely deployed.

Genetec Security Cen ter

Genetec

Synergis (access) + Omnicast (video) + AutoVu (LPR).

Hanwha WAVE

Hanwha

Bundled with Hanwha cameras.

Avigilon Control Cen ter

Motorola

Avigilon ACC.

ExacqVision

Tyco / JCI

Honeywell / JCI ecosystem.

Verint Vision Suite

Verint

Government / casino.

Verkada Command

Verkada

Cloud-only.

Eagle Eye

Eagle Eye

Cloud-only.

OpenEye Web Services

OpenEye

Cloud + on-prem.

SoloProtect Live

SoloProtect

Lone-worker.

Cisco Meraki MV

Cisco

Cloud-managed cams + dashboard.

Synology Surveillance

Synology

NVR on Synology NAS.

QNAP QVR Pro

QNAP

NVR on QNAP NAS.

Zoneminder

ZM Project

Open-source VMS.

Frigate

community

Open-source NVR with AI; popular Home Assistant integration.

Shinobi

Shinobi

Open-source NVR.

Bluecherry

Bluecherry

Linux-based.

Agent DVR

iSpy

Free DVR.

iSpy / iSpyConnect

iSpy

Older OSS DVR.

Protocols / standards#

Protocol

Notes

RTSP

Real Time Streaming Protocol; most IP cams expose rtsp://user:pass@host:554/stream1; the protocol nearly every cam speaks.

RTP / RTCP

Carries the actual media + control.

H.264 / H.265 / AV1

Video codecs; H.264 dominant; H.265 saving bandwidth; AV1 emerging.

H.264 / -B / -M

Baseline / Main / High profiles.

JPEG / MJPEG

Older still-image streams.

ONVIF

Open Network Video Interface Forum; profiles S (streaming), G (recording), Q (config), C (access control), A (advanced AC), T (advanced video), M (metadata), D (door control).

PSIA

Physical Security Interoperability Alliance (predecessor of ONVIF; mostly displaced).

HLS

HTTP Live Streaming; for browser playback.

WebRTC

Low-latency browser playback; popular for cloud VMS.

SRTP

Secure RTP.

MQTT / Webhook

Cloud-camera notification.

SNMP

Some cameras expose SNMP for status.

CGI / HTTP API

Vendor-specific; Hikvision / Dahua / Axis all have them.

Common ports#

Port

Service

80 / 443

HTTP / HTTPS web UI; vendor-specific CGI.

554

RTSP.

8000

Hikvision SDK / SADP discovery.

8080

Often web UI on alt port.

9000

Dahua DH SDK.

3702

WS-Discovery (ONVIF).

1900

SSDP / UPnP.

22, 23

SSH / Telnet (often default-cred).

37777, 37778

Dahua proprietary.

Recon tooling#

Tool

Notes

Shodan / Censys / Zoo mEye

Internet-scale scans; “ONVIF”, “Hikvision-Webs”, “Dahua”, “Wireshark”.

ONVIF Device Manager

Discovery + control of ONVIF cams.

Onvif-Cli

CLI ONVIF client.

gst-launch / VLC

Stream playback of RTSP.

ffmpeg

Capture RTSP / convert.

Cameradar

Scan + brute-force RTSP.

Camsnipper

RTSP brute.

Hydra / Medusa

Brute-force web / RTSP.

hikpwn / DvrIpView

Vendor-specific tools.

ISPY-Connect / Insec am

Public-cam aggregators.

ZoneMinder / Frigate

Self-host capture for analysis.

Known vulnerabilities (historical)#

Vuln / class

Notes

Hikvision auth bypass

CVE-2017-7921; cleartext password file via path traversal; widely exploited.

Hikvision RCE

CVE-2021-36260; unauth web RCE; Mirai-class botnet entry.

Dahua auth bypass

CVE-2021-33044; unauth login; mass exploitation.

Dahua DvrHelper

CVE-2017-3223; RPC RCE.

ONVIF unauth disc.

Unauth WS-Discovery responses leak make / model / firmware.

RTSP no-auth

Many cams ship with no RTSP auth by default.

Default credentials

admin/admin, admin/12345, root/pass, hikvision/hikadmin.

Embedded telnet

Backdoor accounts in older firmware.

Persirai botnet

2017; ~120k cameras.

Mirai-Aidra

IP-cam botnets.

Verkada 2021

Insider credentials -> 150k cam access.

Sanctions / regulation#

  • NDAA 889 (US), prohibits Federal procurement of Hikvision, Dahua, Hytera, Huawei, ZTE, and their subsidiaries.

  • FCC Covered List 2022, bans new authorisations for the same vendors.

  • UK Gov 2022, removed Hikvision / Dahua from sensitive sites.

  • EU NIS2, critical-infrastructure cameras subject to cyber-resilience requirements.

  • EU AI Act, biometric remote ID restrictions on surveillance cameras.

  • Xinjiang sanctions, Hikvision / Dahua / Tiandy on US Entity List for human-rights abuses.

  • GDPR + state privacy laws, video of identifiable individuals is special-category data; signage + retention + DPIA.

Operator notes#

  • Default-cred sweep is the first move, 30%+ of public IP cams still expose admin/admin or vendor defaults.

  • ONVIF is the standard but vendor extensions matter, rich features (PTZ presets, analytics) often need vendor SDK.

  • NVR firmware is the soft underbelly, cameras may be patched but the NVR (Hikvision / Dahua / Lorex) often is not.

  • Bandwidth budget: 4K H.265 at 30fps ≈ 15-30 Mbps per camera; storage at 14 days ≈ 5-10 TB/cam.

  • PoE (802.3af / at / bt) delivers 15-90 W; check switch budget when fielding more than 24 cameras.

  • Cloud VMS adds reach but expands attack surface, Verkada 2021 showed insider risk; minimize admin scope.

  • Audit retention: many local laws cap CCTV retention at 30-90 days.

  • No-record zones required by law in many jurisdictions (washrooms, locker rooms, employee break areas).

References#