Research

Advisory: Cisco RV340 Dual WAN Gigabit VPN Router (RCE over LAN)

February 17, 2022

The IoT Inspector Research Lab uncovered vulnerabilities in Cisco RV340 leading to remote command execution as root over the LAN interface.

Advisory: Western Digital My Cloud Pro Series PR4100 RCE

February 15, 2022

The IoT Inspector Research Lab uncovered a command injection vulnerability on Western Digital My Cloud Pro Series PR4100.

How-To: Extracting Decryption Keys for D-Link

November 25, 2021

Find out how the IoT Inspector Research Lab extracted an encryption key for a subset of D-Link routers – in particular the D-Link DIR-X1560.

Advisory: Cisco ATA19X Privilege Escalation and RCE

October 7, 2021

We found lacking user privilege separation enforcement and post-authentication command injection remote code execution within Cisco ATA19X firmware.

Swimming Upstream: Uncovering Broadcom SDK vulnerabilities from bug reports

October 5, 2021

IoT Inspector identified security vulnerabilities affecting the UPnP implementation of Broadcom’s SDK that affect vendors such as Cisco or Linksys.

Advisory: Multiple issues in Realtek SDK affect hundreds of thousands of devices down the supply chain

August 16, 2021

At least 65 vendors are affected by severe vulnerabilities that enable unauthenticated attackers to fully compromise the target device.

Advisory: Cisco RV34X Series – Privilege Escalation in vpnTimer

May 5, 2021

The IoT Inspector Research Lab detected a rare security vulnerability in Cisco’s RV34X Series. Read the full root analysis on the blog!

Advisory: Multiple Issues in Libre Wireless LS9 Modules – And the Problem with Third Party Products

April 26, 2021

Advisory: Cisco RV34X Series – Authentication Bypass and Remote Command Execution

April 13, 2021

Advisory: Fibaro Home Center – Multiple Vulnerabilities (CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992)

April 8, 2021

Patch Diffing Entire Firmware Images, Squeezing Out Bugs

March 22, 2021

Advisory: D-Link DIR-3060 Authenticated RCE (CVE-2021-28144)

March 11, 2021

IOT INSPECTOR IS NOW ONEKEY ! » READ OUR PRESS RELEASE HERE

RESEARCH & ADVISORIES

OUR EXPERTS SHARING ON IOT SECURITY & COMPLIANCE

Advisory: Cisco RV340 Dual WAN Gigabit VPN Router (RCE over LAN)

Advisory: Western Digital My Cloud Pro Series PR4100 RCE

How-To: Extracting Decryption Keys for D-Link

Advisory: Cisco ATA19X Privilege Escalation and RCE

Swimming Upstream: Uncovering Broadcom SDK vulnerabilities from bug reports

Advisory: Multiple issues in Realtek SDK affect hundreds of thousands of devices down the supply chain

Advisory: Cisco RV34X Series – Privilege Escalation in vpnTimer

Advisory: Multiple Issues in Libre Wireless LS9 Modules – And the Problem with Third Party Products

Advisory: Cisco RV34X Series – Authentication Bypass and Remote Command Execution

Advisory: Fibaro Home Center – Multiple Vulnerabilities (CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992)

Patch Diffing Entire Firmware Images, Squeezing Out Bugs

Advisory: D-Link DIR-3060 Authenticated RCE (CVE-2021-28144)

SECURITY REPORTS - WHITEPAPERS – DOWNLOADS

IoT Security Report 2021

Whitepaper:
Secure Sourcing of Iot Devices

Whitepaper:
How SWISSCOM saves 400K EUR per avoided incident

Datasheet:
ONEKEY Platform

Datasheet:
ONEKEY onDemand

contact us