[SOLVED] Reolink camera/NVR port forwarding

[turner7205]

I use Reolink for my home camera set up. I have the ability to view the cameras externally using a web browser. For some reason only Internet explorer works. I can use an app, but I would like to leave the live feed up on a work computer using the web browser. They request I set/forward my HTTP to port 80. I have not done this. I have basically no understanding of such matters. My question is, by doing this, am I opening up myself to vulnerabilities? I attached a link with their instructions in case my explanation is sub par. Thanks in advance!

Instructions

 

[bill001g]

This can be kinda complex depending on what exactly you need to access.

If you just need to get to the NVR box and use that to somehow access your cameras that is a bit simpler. If you want to directly access your cameras, especially if it is more than 1 camera, it requires a fairly strong understanding of how port forwarding really works. You can't just use a signal port like 80 since all the cameras want to use the same port. How would your router ever know which camera you want to view. You must use different port numbers so that your router knows which camera to send it to. There are a couple ways to do this depending on if you can actually change the ports on the cameras themselves or if you have to fake them out and have the router translate port xxx to internal ip on port 80 for each.

All port forwarding runs a risk. Using port 80 is even more risk since that is a very common port for hackers to try, if you used say port 34212 or some other not common number they would have to first find that port and then attack the machine.

The risk for any port forwarding is how strong the software is. If the NVR is on say a normal windows or linux machine you can use the firewalls to prevent a lot of problems. There is nothing you can do though if the NVR application itself has a bug that lets someone compromise it. The cameras since they are seldom firmware updates the risk can be much higher. Many cameras made in china have a history of being able to be exploited. Look at the news where very popular ring door cameras got hacked. You can't do a lot since they have almost no cpu power but it does allow hackers into your network.

Then again hackers really don't care about home user networks. It is all about money or maybe government spying. There really is very little reason for them to attempt to hack a home user, lot of effort with nothing to show for it.

My best recommendation would be to use a port other than 80. Also try to use HTTPS and not simple HTTP if the NVR supports it. I would only access the NVR and not the cameras. It all depends on how good the performance is. Your upload bandwidth tends to limit how well this works.

Note when I did this temporally I used a VPN on my router. VPN software is very secure and it was easier to let the NVR think I was on the lan and not have to do anything special.

 

[USAFRet]

Then again hackers really don't care about home user networks. It is all about money or maybe government spying. There really is very little reason for them to attempt to hack a home user, lot of effort with nothing to show for it.

Unfortunately, home cameras are a different story.
That video is ripe for exploitation.

https://www.tnp.sg/news/singapore/hackers-hawk-explicit-videos-taken-spore-home-cams

Somebody’s Watching: Hackers Breach Ring Home Security Cameras (Published 2019)

Unnerved owners of the devices reported recent hacks in four states. The company reminded customers not to recycle passwords and user names.

www.nytimes.com

(not so much 'hacked', but rather sloppy security practices)