Posted  by 

Anran Dvr Default Password

Hello, im REALLY hoping someone can help me. I bought this 8 camera dvr system off ebay and was in the proses of hooking it up.and in the mean time i misplaced some stuff. Like the manual! Ugh anyways i cant log in to it. Is there a way i can reset it? Every time i try to log in its incorrect. And it says the password hint is 'NULL' i tried to contact the ebay seller for months.

  1. Anran Dvr Troubleshooting
  2. Anran Cctv App
  3. Anran Dvr Default Password Settings
  • ANRAN USA LLC 14161 post-st, Corona, CA, 92880, United States 1-866-958-6988 (US) 1559 (UK) [email protected] Teaching Your Children about Safety; Keeping Your Bathroom Safe; Fire Safety in the Home.
  • How to reset factory default- ANRAN DVR.

What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act? If ever there were a technology giant that deserved to be named and shamed for polluting the Web, it is Xiongmai — a Chinese maker of electronic parts that power a huge percentage of cheap digital video recorders (DVRs) and Internet-connected security cameras.

A rendering of Xiongmai’s center in Hangzhou, China. Source: xiongmaitech.com

In late 2016, the world witnessed the sheer disruptive power of Mirai, a powerful botnet strain fueled by Internet of Things (IoT) devices like DVRs and IP cameras that were put online with factory-default passwords and other poor security settings.

Security experts soon discovered that a majority of Mirai-infected devices were chiefly composed of components made by Xiongmai (a.k.a. Hangzhou Xiongmai Technology Co., Ltd.) and a handful of other Chinese tech firms that seemed to have a history of placing product market share and price above security.

Since then, two of those firms — Huawei and Dahua — have taken steps to increase the security of their IoT products out-of-the-box. But Xiongmai — despite repeated warnings from researchers about deep-seated vulnerabilities in its hardware — has continued to ignore such warnings and to ship massively insecure hardware and software for use in products that are white-labeled and sold by more than 100 third-party vendors.

Anran dvr app

On Tuesday, Austrian security firm SEC Consult released the results of extensive research into multiple, lingering and serious security holes in Xiongmai’s hardware.

Running man episode 360 guest pc. SEC Consult said it began the process of working with Xiongmai on these problems back in March 2018, but that it finally published its research after it became clear that Xiongmai wasn’t going to address any of the problems.

“Although Xiongmai had seven months notice, they have not fixed any of the issues,” the researchers wrote in a blog post published today. “The conversation with them over the past months has shown that security is just not a priority to them at all.”

PROBLEM TO PROBLEM

A core part of the problem is the peer-to-peer (P2P) communications component called “XMEye” that ships with all Xiongmai devices and automatically connects them to a cloud network run by Xiongmai. The P2P feature is designed so that consumers can access their DVRs or security cameras remotely anywhere in the world and without having to configure anything.

Anran Dvr Troubleshooting

The various business lines of Xiongmai. Source: xiongmaitech.com

To access a Xiongmai device via the P2P network, one must know the Unique ID (UID) assigned to each device. The UID is essentially derived in an easily reproducible way using the device’s built-in MAC address (a string of numbers and letters, such as 68ab8124db83c8db).

Electronics firms are assigned ranges of MAC address that they may use, but SEC Consult discovered that Xiongmai for some reason actually uses MAC address ranges assigned to a number of other companies, including tech giant Cisco Systems, German printing press maker Koenig & Bauer AG, and Swiss chemical analysis firm Metrohm AG.

SEC Consult learned that it was trivial to find Xiongmai devices simply by computing all possible ranges of UIDs for each range of MAC addresses, and then scanning Xiongmai’s public cloud for XMEye-enabled devices. Based on scanning just two percent of the available ranges, SEC Consult conservatively estimates there are around 9 million Xiongmai P2P devices online.

[For the record, KrebsOnSecurity has longadvised buyers of IoT devices to avoid those advertise P2P capabilities for just this reason. The Xiongmai debacle is yet another example of why this remains solid advice].

BLANK TO BANK

While one still needs to provide a username and password to remotely access XMEye devices via this method, SEC Consult notes that the default password of the all-powerful administrative user (username “admin”) is blank (i.e, no password).

The admin account can be used to do anything to the device, such as changing its settings or uploading software — including malware like Mirai. And because users are not required to set a secure password in the initial setup phase, it is likely that a large number of devices are accessible via these default credentials.

The raw, unbranded electronic components of an IP camera produced by Xiongmai.

Even if a customer has changed the default admin password, SEC Consult discovered there is an undocumented user with the name “default,” whose password is “tluafed” (default in reverse). While this user account can’t change system settings, it is still able to view any video streams.

Normally, hardware devices are secured against unauthorized software updates by requiring that any new software pushed to the devices be digitally signed with a secret cryptographic key that is held only by the hardware or software maker. However, XMEye-enabled devices have no such protections.

In fact, the researchers found it was trivial to set up a system that mimics the XMEye cloud and push malicious firmware updates to any device. Worse still, unlike with the Mirai malware — which gets permanently wiped from memory when an infected device powers off or is rebooted — the update method devised by SEC Consult makes it so that any software uploaded survives a reboot. Continue reading →

Forgetting the admin password turns to be a nightmare for the users. We herein provide you the simple instructions on how to generate a new super password to allow you login the DVR, then reset the password. We provide this instruction based on premise that you have ordered DVRs from us, or you are using similar DVRs with same embedded firmware like our products. Random super password generation requires you with the password generation software.

Download Superpassword Software for XM/Hislicon DVRs

After you download the software, and do the following procedures to generate a new temporary super admin password.

Run the software SuperPassword.exe, it will pop-up tool window as below:

Input the current date (year, month, day) as below:

Click 'OK', it will generate a temporary super password which is only working for a day.

Using the generated new password login into the DVR, the DVR will remind DVR will reboot, the system reset to default password.

Please note this method is only working for our DVRs. If you failed to login with generated password, you may download another password generator software in here:

Anran Cctv App

Download link: https://goo.gl/HnW4KZ

Download DVR Password Calculator:

Generate Password by Using Serial Number & Time:

Download link: https://goo.gl/6CUkZ7

Download Password for Dahua DVRs

To rest the password of Dahua DVRs, you can contact Dahua technical support team, then send the current date and time of your device to them. They will use the password generator to create a temporary password. If you don't want to wait, you can download the software and create the pwd by yourself.

Get My Latest Posts

Subscribe to get the latest updates.

Anran Dvr Default Password Settings

Your email address will never be shared with any 3rd parties.

Tags: DVR System