Research

Advisory: Multiple issues in Realtek SDK affect hundreds of thousands of devices down the supply chain

August 16, 2021 No Comments

At least 65 vendors are affected by severe vulnerabilities that enable unauthenticated attackers to fully compromise the target device.

Advisory: Cisco RV34X Series – Privilege Escalation in vpnTimer

May 5, 2021 No Comments

The IoT Inspector Research Lab detected a rare security vulnerability in Cisco’s RV34X Series. Read the full root analysis on the blog!

Advisory: Multiple Issues in Libre Wireless LS9 Modules – And the Problem with Third Party Products

April 26, 2021 No Comments

Overview Over the course of a research project focusing on IoT gadgets in late 2020, we briefly looked at the Gigaset L800HX – a smart

Advisory: Cisco RV34X Series – Authentication Bypass and Remote Command Execution

April 13, 2021 No Comments

TLDR In early 2021, we reported a few security issues to Cisco related to their RV34X series of routers, two of which have been recently

Advisory: Fibaro Home Center – Multiple Vulnerabilities (CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992)

April 8, 2021 No Comments

Overview The Fibaro Home Center 2 and Home Center Lite (running versions 4.600, 4.550 and earlier versions) are affected by multiple vulnerabilities: man-in-the-middle attack between the

Patch Diffing Entire Firmware Images, Squeezing Out Bugs

March 22, 2021 No Comments

TLDR Firmware patch diffing is a relatively under-documented process, but one that can be really important when doing IoT security research. In this post, I’m

Advisory: D-Link DIR-3060 Authenticated RCE (CVE-2021-28144)

March 11, 2021 No Comments

Overview The D-Link DIR-3060 (running firmware versions below v1.11b04) is affected by a post-authentication command injection vulnerability. Anybody with authenticated access to a DIR-3060 would be able to run arbitrary system commands

Huawei cryptographic keys embedded in Cisco’s firmware

July 3, 2019 No Comments

Huawei cryptographic keys embedded in Cisco’s firmware Things happen when they happen. And when developers use third-party or open source libraries in their own product,

ARE YOU READY FOR THE NEW EU CYBER RESILIENCE ACT? » START YOUR CRA READINESS ASSESSMENT TODAY!

Research

Advisory: Multiple issues in Realtek SDK affect hundreds of thousands of devices down the supply chain

Advisory: Cisco RV34X Series – Privilege Escalation in vpnTimer

Advisory: Multiple Issues in Libre Wireless LS9 Modules – And the Problem with Third Party Products

Advisory: Cisco RV34X Series – Authentication Bypass and Remote Command Execution

Advisory: Fibaro Home Center – Multiple Vulnerabilities (CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992)

Patch Diffing Entire Firmware Images, Squeezing Out Bugs

Advisory: D-Link DIR-3060 Authenticated RCE (CVE-2021-28144)

Huawei cryptographic keys embedded in Cisco’s firmware

Stay informed

News

Cybersecurity experts provide information on new EU Legislation to increase Cyber Resilience at 8th CYBICS

Security Advisory: Clock Fault Injection on Mocor OS – Password Bypass

New “U.S. Cyber Trust Mark” for IoT devices: ONEKEY Platform Already Automatically Verifies Essential Requirements

Downloads

Whitepaper: Understanding the EU Cyber Resilience Act

Whitepaper: Tackling Software Supply Chain Risks with IEC 62443 and SBOM

Use Case: How SWISSCOM saves 400K EUR per avoided incident

Datasheet: ONEKEY Platform - Manufacturing

contact us