Ressourcen
>
Research

Research Blog

Bleiben Sie mit den neuesten Sicherheitshinweisen, Schwachstellenberichten und Plattformentwicklungen auf dem Laufenden — damit Ihre Produkte sicher und konform sind.

Ausgewählte Forschungsartikel

Security Advisory: Unauthenticated Command Injection in Mitel IP Phones
Research
Nov 17, 2024
15
min. Lesezeit

Security Advisory: Unauthenticated Command Injection in Mitel IP Phones

Discover critical vulnerabilities in Mitel SIP phones that allow unauthenticated command injection. Learn how outdated input parsing can expose your devices and why it's essential to scan firmware for security risks. Protect your network with our in-depth analysis and expert takeaways.

Denys Vozniuk
Denys Vozniuk
Security Consultant
Mehr lesen
The X in XFTP Stands For eXecute
Research
Jul 8, 2024
6
min. Lesezeit

The X in XFTP Stands For eXecute

Find out how our platform enhances firmware security by identifying vulnerabilities & bugs in ICT products, ensuring compliance with DORA & NIS2 directive.

Mehr lesen
Security Advisory: Arbitrary Command Execution on TP-Link Archer C5400X
Research
May 26, 2024
5
min. Lesezeit

Security Advisory: Arbitrary Command Execution on TP-Link Archer C5400X

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in the TP-Link Archer C5400X router. Learn about the risks and recommended actions.

Mehr lesen
Security Advisory: Remote Code Execution in Ligowave Devices
Research
May 13, 2024
3
min. Lesezeit

Security Advisory: Remote Code Execution in Ligowave Devices

Explore the security advisory detailing remote code execution vulnerabilities in Ligowave devices. Learn about the risks & recommended protections.

Mehr lesen
Bisherige
Weiter

Alle Forschungsartikel

Advisory: Cisco ATA19X Privilege Escalation and RCE
Research
Oct 6, 2021
5
min. Lesezeit

Advisory: Cisco ATA19X Privilege Escalation and RCE

We found lacking user privilege separation enforcement and post-authentication command injection remote code execution within Cisco ATA19X firmware.

Mehr lesen
Swimming Upstream: Uncovering Broadcom SDK vulnerabilities from bug reports
Research
Oct 4, 2021
14
min. Lesezeit

Swimming Upstream: Uncovering Broadcom SDK vulnerabilities from bug reports

IoT Inspector identified security vulnerabilities affecting the UPnP implementation of Broadcom’s SDK that affect vendors such as Cisco or Linksys.

Mehr lesen
Advisory: Multiple issues in Realtek SDK affect hundreds of thousands of devices down the supply chain
Research
Aug 15, 2021
29
min. Lesezeit

Advisory: Multiple issues in Realtek SDK affect hundreds of thousands of devices down the supply chain

At least 65 vendors affected by severe vulnerabilities that enable unauthenticated attackers to fully compromise the target device.

Mehr lesen
Advisory: Cisco RV34X Series - Privilege Escalation in vpnTimer
Research
May 4, 2021
5
min. Lesezeit

Advisory: Cisco RV34X Series - Privilege Escalation in vpnTimer

IoT Inspector detected a rare security vulnerability in Cisco's RV34X Series. Read the full root analysis on the blog!

Mehr lesen
Advisory: Multiple Issues in Libre Wireless LS9 Modules - And the Problem with Third Party Products
Research
Apr 25, 2021
25
min. Lesezeit

Advisory: Multiple Issues in Libre Wireless LS9 Modules - And the Problem with Third Party Products

IoT Inspector detected security vulnerabilities in the Gigaset L800HX smart speaker, which is actually based on a third party module (Libre Wireless LS9).

Mehr lesen
Advisory: Cisco RV34X Series - Authentication Bypass and Remote Command Execution
Research
Apr 12, 2021
5
min. Lesezeit

Advisory: Cisco RV34X Series - Authentication Bypass and Remote Command Execution

IoT Inspector identified security issues in Cisco's RV34X series of devices. Read the full root analysis on our blog!

Mehr lesen
Advisory: Fibaro Home Center - Multiple Vulnerabilities (CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992)
Research
Apr 7, 2021
7
min. Lesezeit

Advisory: Fibaro Home Center - Multiple Vulnerabilities (CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992)

IoT Inspector discovered multiple vulnerabilities in the Fibaro Home Center 2 and Home Center Lite. Users are advised to upgrade.

Mehr lesen
Patch Diffing Entire Firmware Images, Squeezing Out Bugs
Research
Mar 21, 2021
11
min. Lesezeit

Patch Diffing Entire Firmware Images, Squeezing Out Bugs

Firmware patch diffing is a relatively under-documented, but important process in IoT security research. Let's look at a real-world example!

Mehr lesen
Advisory: D-Link DIR-3060 Authenticated RCE (CVE-2021-28144)
Research
Mar 10, 2021
6
min. Lesezeit

Advisory: D-Link DIR-3060 Authenticated RCE (CVE-2021-28144)

The D-Link DIR-3060 is affected by a post-authentication command injection vulnerability, which was discovered and disclosed by IoT Inspector.

Mehr lesen
Schauen Sie sich Whitepapers an

Schauen Sie sich Whitepapers an

Lesen Sie ausführliche Whitepapers zu Cybersicherheit und Compliance, die darauf ausgelegt sind, die Sicherheit und Compliance Ihres Produkts zu verbessern.

Treffen Sie uns auf Veranstaltungen

Treffen Sie uns auf Veranstaltungen

Nehmen Sie an branchenführenden Veranstaltungen teil und tauschen Sie sich persönlich mit unseren Experten aus, um zu erfahren, wie Sie Ihre Cybersicherheits- und Compliance-Strategien verbessern können.

Einblicke aus unserem Blog

Einblicke aus unserem Blog

Holen Sie sich Expertentipps und Branchen-Updates.
In unserem Blog finden Sie praktische Ratschläge, Trends und Lösungen, die Ihnen helfen, sicher und konform zu bleiben.

Bereit zur automatisierung ihrer Cybersicherheit & Compliance?

Machen Sie Cybersicherheit und Compliance mit ONEKEY effizient und effektiv.

Eine Demo buchen