Research Blog
Stay up to date with the newest security advisories, vulnerability reports, and platform developments—keeping your products secure and compliant.
Featured research articles
All research articles
Security Advisory: Asus M25 NAS Vulnerability
ONEKEY identifies a command injection bug in the M25 NAS from Asus. Read the latest Security Advisory here 👉
OpenSSL released a patch for high severity vulnerabilities – do operators and vendors of connected devices need to worry?
OpenSSL released a patch for high severity vulnerabilities – do operators and vendors of connected devices need to worry? Read more!
Security Advisory: NETGEAR Routers FunJSQ Vulnerabilities
Detailed vulnerability analysis identifies several problems in FunJSQ on NETGEAR Routers & Orbi WiFi Systems. Read latest Security Advisory here 👉
Advisory: Cisco Small Business RV Series Routers Web Filter Database Update Command Injection Vulnerability
The advisory describes a vulnerability ONEKEY identified when hunting for bugs to craft exploit chains for PWN2OWN 2021. Read advisory!
Advisory: FESTO: CECC-X-M1 - Command Injection Vulnerabilities
To evaluate and strengthen the automated vulnerability detection capabilities of ONEKEY, we frequently download and analyze firmware images from a variety of vendors. This is how we stumbled upon the CECC-X-M1 product line, an industrial controller manufactured by FESTO.
Advisory: Cisco RV340 Dual WAN Gigabit VPN Router (RCE over LAN)
The IoT Inspector Research Lab uncovered vulnerabilities in Cisco RV340 leading to remote command execution as root over the LAN interface.
How-To: Extracting Decryption Keys for D-Link
Find out how the IoT Inspector Research Lab extracted an encryption key for a subset of D-Link routers - in particular the D-Link DIR-X1560.
Ready to automate your Product Cybersecurity & Compliance?
Make cybersecurity and compliance efficient and effective with ONEKEY.