Hikvision DS-2CD2042WD-I
From Wiki-IoT
Classification
| Hikvision DS-2CD2042WD-I | |
|---|---|
| Classification | |
| Grade | F |
| Calculator version | 1 |
| Classification date | 2025-10-05 |
| Information | |
| Name | Hikvision DS-2CD2042WD-I 4 MP WDR Mini Bullet Network Camera |
| Brand by Parent | Hikvision by Hangzhou Hikvision Digital Technology Co., Ltd. |
| Generation | EasyIP 2.0 |
| Model(s) | DS-2CD2042WD-I (4 mm, 6 mm lens variants) |
| Release date | 2016-06-09 |
| Type/Category | Outdoor bullet IP camera |
| Website | [1] |
| Status | In sale |
| More | |
| Dimensions | 70 × 154 × 61 mm |
| Mass | 500 g |
| Operating system | Embedded Linux (HiLinux) |
| Companion App | Hik-Connect / iVMS-4200 / Web browser |
| CPU | ARM Cortex-A7 @ 600 MHz (HiSilicon Hi3516D V300) |
| GPU | Integrated ISP (HDR, WDR, 3D-DNR) |
| Memory | 512 MB DDR3 |
| Storage | 128 MB NAND flash (no encryption) |
| Battery | None |
| Power | 12 V ⎓ 1 A or IEEE 802.3af PoE (≤ 5 W) |
| Charging | Not applicable |
| Display | None (only IR-cut status LED) |
| Camera | 1/3″ progressive-scan CMOS, 2688 × 1520 @ 20 fps, 4 mm/6 mm F2.0 lens, 120 dB WDR, IR 30 m |
| Sound | Built-in microphone (audio model), no speaker |
| Connectivity | 10/100 M RJ-45, Wi-Fi none, supports ONVIF, RTSP, HTTP/HTTPS, FTP, DDNS, SNMP, IPv4/IPv6 |
| Device | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Known hardware tampering | Very common | [2] | Labelled UART pads, no epoxy, plastic case snaps open |
| Known vulnerabilities | Very common | [3] | Auth-bypass / user-list leak / config download without login |
| Prior attacks | Very common | [4] | Mirai variants (e.g., “Hakai”) actively exploit CVE-2017-7921 |
| Updatability | Rare | [5] | Last firmware V5.4.41 build 170310 (2017-03); no automatic OTA; regional images only |
| Category score | 3 | ||
| System | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Authentication with other systems | Partial | [6] | /Security/users?auth=YWRtaW46MTEK returns admin hash without login |
| Communications | Encrypted with obselete encryption | [7] | TLS 1.0 only, weak ciphers, no cert pinning |
| Storage | No encryption | [8] | NAND flash dumped in plaintext; config file readable |
| Category score | 3 | ||
| User Authentication | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Account management | Basic | [9] | Single admin + 31 users; no RBAC, no guest role |
| Authentication | Basic | [10] | Username + password only; no 2FA, no SSO |
| Brute-force protection | Absent | [11] | No lock-out, no CAPTCHA, unlimited login attempts |
| Event logging | Partial logging | [12] | Web UI shows login/logout; no syslog export, no failed-auth log export |
| Passwords | Default/Common/Easy to guess | [13] | Factory admin/12345 widely deployed; no forced change, no complexity |
| Category score | 3 | ||
| Grade | F |
|---|
