As we work to improve our component discovery capabilities to create more comprehensive software BOMs, we sometimes encounter “strange” third-party components. So also in the NETGEAR routers Funjsq!
Not all bugs are created equal. This advisory describes a vulnerability we identified when hunting for bugs to craft exploit chains for PWN2OWN 2021. Sadly, the vulnerable path is only reachable once a day so it did not match the PWN2OWN rules 🙁
To evaluate and strengthen the automated vulnerability detection capabilities of ONEKEY, we frequently download and analyze firmware images from a variety of vendors. This is how we stumbled upon the CECC-X-M1 product line, an industrial controller manufactured by FESTO.
The IoT Inspector Research Lab uncovered vulnerabilities in Cisco RV340 leading to remote command execution as root over the LAN interface.
The IoT Inspector Research Lab uncovered a command injection vulnerability on Western Digital My Cloud Pro Series PR4100.
Find out how the IoT Inspector Research Lab extracted an encryption key for a subset of D-Link routers – in particular the D-Link DIR-X1560.
We found lacking user privilege separation enforcement and post-authentication command injection remote code execution within Cisco ATA19X firmware.
IoT Inspector identified security vulnerabilities affecting the UPnP implementation of Broadcom’s SDK that affect vendors such as Cisco or Linksys.
At least 65 vendors are affected by severe vulnerabilities that enable unauthenticated attackers to fully compromise the target device.
The IoT Inspector Research Lab detected a rare security vulnerability in Cisco’s RV34X Series. Read the full root analysis on the blog!
Overview Over the course of a research project focusing on IoT gadgets in late 2020, we briefly looked at the Gigaset L800HX – a smart
TLDR In early 2021, we reported a few security issues to Cisco related to their RV34X series of routers, two of which have been recently
