Resources
>
Research

Research Blog

Stay up to date with the newest security advisories, vulnerability reports, and platform developments—keeping your products secure and compliant.

Featured research articles

Critical Vulnerabilities in EV Charging Stations: Analysis of eCharge Controllers
Research
Nov 26, 2024
20
 min read

Critical Vulnerabilities in EV Charging Stations: Analysis of eCharge Controllers

Discover how severe security flaws, including unauthenticated remote command execution (CVE-2024-11665 & CVE-2024-11666), affect eCharge EV charging controllers. Learn about insecure firmware practices, cloud infrastructure issues, and actionable steps to mitigate risks in EV charging systems.

Quentin Kaiser
Quentin Kaiser
Lead Security Researcher
Read More
Security Advisory: Unauthenticated Command Injection in Mitel IP Phones
Research
Nov 17, 2024
15
 min read

Security Advisory: Unauthenticated Command Injection in Mitel IP Phones

Discover critical vulnerabilities in Mitel SIP phones that allow unauthenticated command injection. Learn how outdated input parsing can expose your devices and why it's essential to scan firmware for security risks. Protect your network with our in-depth analysis and expert takeaways.

Denys Vozniuk
Denys Vozniuk
Security Consultant
Read More
The X in XFTP Stands For eXecute
Research
Jul 8, 2024
6
 min read

The X in XFTP Stands For eXecute

Find out how our platform enhances firmware security by identifying vulnerabilities & bugs in ICT products, ensuring compliance with DORA & NIS2 directive.

Read More
Security Advisory: Arbitrary Command Execution on TP-Link Archer C5400X
Research
May 26, 2024
5
 min read

Security Advisory: Arbitrary Command Execution on TP-Link Archer C5400X

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in the TP-Link Archer C5400X router. Learn about the risks and recommended actions.

Read More
Security Advisory: Remote Code Execution in Ligowave Devices
Research
May 13, 2024
3
 min read

Security Advisory: Remote Code Execution in Ligowave Devices

Explore the security advisory detailing remote code execution vulnerabilities in Ligowave devices. Learn about the risks & recommended protections.

Read More
Previous
Next

All research articles

ClamAV Critical Patch Review
Research
Feb 20, 2023
7
 min read

ClamAV Critical Patch Review

In this technical deep dive, ONEKEY explores the underlying issues fixed by the recent critical patch released by ClamAV. 👉

Read More
Security Advisory: Remote Command Execution in binwalk
Research
Jan 30, 2023
7
 min read

Security Advisory: Remote Command Execution in binwalk

Learn about the security vulnerability in binwalk v2.1.2b-2.3.3 that allows malicious PFS file extraction and remote code execution. 👉

Read More
Security Advisory: Unauthenticated Configuration Export in Multiple WAGO Products
Research
Jan 15, 2023
5
 min read

Security Advisory: Unauthenticated Configuration Export in Multiple WAGO Products

ONEKEY identified an unauthenticated configuration export in industrial controllers from WAGO . Read the latest Security Advisory here 👉

Read More
Latest Developments in Unblob
Research
Dec 14, 2022
4
 min read

Latest Developments in Unblob

After initial launch of unblob at Blackhat and DEFCON, the project continues to grow and we want to share a few things with you. Read more!

Read More
Security Advisory: Asus M25 NAS Vulnerability
Research
Nov 30, 2022
4
 min read

Security Advisory: Asus M25 NAS Vulnerability

ONEKEY identifies a command injection bug in the M25 NAS from Asus. Read the latest Security Advisory here 👉

Read More
OpenSSL released a patch for high severity vulnerabilities – do operators and vendors of connected devices need to worry?
Research
Nov 1, 2022
3
 min read

OpenSSL released a patch for high severity vulnerabilities – do operators and vendors of connected devices need to worry?

OpenSSL released a patch for high severity vulnerabilities – do operators and vendors of connected devices need to worry? Read more!

Read More
Security Advisory: NETGEAR Routers FunJSQ Vulnerabilities
Research
Sep 14, 2022
9
 min read

Security Advisory: NETGEAR Routers FunJSQ Vulnerabilities

Detailed vulnerability analysis identifies several problems in FunJSQ on NETGEAR Routers & Orbi WiFi Systems. Read latest Security Advisory here 👉

Read More
Advisory: Cisco Small Business RV Series Routers Web Filter Database Update Command Injection Vulnerability
Research
Aug 8, 2022
5
 min read

Advisory: Cisco Small Business RV Series Routers Web Filter Database Update Command Injection Vulnerability

The advisory describes a vulnerability ONEKEY identified when hunting for bugs to craft exploit chains for PWN2OWN 2021. Read advisory!

Read More
Advisory: FESTO: CECC-X-M1 - Command Injection Vulnerabilities
Research
Jul 6, 2022
5
 min read

Advisory: FESTO: CECC-X-M1 - Command Injection Vulnerabilities

To evaluate and strengthen the automated vulnerability detection capabilities of ONEKEY, we frequently download and analyze firmware images from a variety of vendors. This is how we stumbled upon the CECC-X-M1 product line, an industrial controller manufactured by FESTO.

Read More
check out white papers

check out white papers

Explore in-depth whitepapers on cybersecurity and compliance, designed to strengthen your product’s security and compliance.

Meet Us at Events

Meet Us at Events

Join us at industry-leading events and connect with our experts in person to learn how to enhance your cybersecurity and compliance strategies.

Insights from Our Blog

Insights from Our Blog

Get expert tips and industry updates.
Dive into our blog for practical advice, trends, and solutions that help you stay secure and compliant.

Ready to automate your Product Cybersecurity & Compliance?

Make cybersecurity and compliance efficient and effective with ONEKEY.

Book a Demo