Resources
>
Research

Research Blog

Stay up to date with the newest security advisories, vulnerability reports, and platform developments—keeping your products secure and compliant.

Featured research articles

Critical Vulnerabilities in EV Charging Stations: Analysis of eCharge Controllers
Research
Nov 26, 2024
20
 min read

Critical Vulnerabilities in EV Charging Stations: Analysis of eCharge Controllers

Discover how severe security flaws, including unauthenticated remote command execution (CVE-2024-11665 & CVE-2024-11666), affect eCharge EV charging controllers. Learn about insecure firmware practices, cloud infrastructure issues, and actionable steps to mitigate risks in EV charging systems.

Quentin Kaiser
Quentin Kaiser
Lead Security Researcher
Read More
Security Advisory: Unauthenticated Command Injection in Mitel IP Phones
Research
Nov 17, 2024
15
 min read

Security Advisory: Unauthenticated Command Injection in Mitel IP Phones

Discover critical vulnerabilities in Mitel SIP phones that allow unauthenticated command injection. Learn how outdated input parsing can expose your devices and why it's essential to scan firmware for security risks. Protect your network with our in-depth analysis and expert takeaways.

Denys Vozniuk
Denys Vozniuk
Security Consultant
Read More
The X in XFTP Stands For eXecute
Research
Jul 8, 2024
6
 min read

The X in XFTP Stands For eXecute

Find out how our platform enhances firmware security by identifying vulnerabilities & bugs in ICT products, ensuring compliance with DORA & NIS2 directive.

Read More
Security Advisory: Arbitrary Command Execution on TP-Link Archer C5400X
Research
May 26, 2024
5
 min read

Security Advisory: Arbitrary Command Execution on TP-Link Archer C5400X

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in the TP-Link Archer C5400X router. Learn about the risks and recommended actions.

Read More
Security Advisory: Remote Code Execution in Ligowave Devices
Research
May 13, 2024
3
 min read

Security Advisory: Remote Code Execution in Ligowave Devices

Explore the security advisory detailing remote code execution vulnerabilities in Ligowave devices. Learn about the risks & recommended protections.

Read More
Previous
Next

All research articles

Advisory: Western Digital My Cloud Pro Series PR4100 RCE
Research
Feb 14, 2022
7
 min read

Advisory: Western Digital My Cloud Pro Series PR4100 RCE

The IoT Inspector Research Lab uncovered a command injection vulnerability on Western Digital My Cloud Pro Series PR4100.

Read More
How-To: Extracting Decryption Keys for D-Link
Research
Nov 24, 2021
8
 min read

How-To: Extracting Decryption Keys for D-Link

Find out how the IoT Inspector Research Lab extracted an encryption key for a subset of D-Link routers - in particular the D-Link DIR-X1560.

Read More
Advisory: Cisco ATA19X Privilege Escalation and RCE
Research
Oct 6, 2021
5
 min read

Advisory: Cisco ATA19X Privilege Escalation and RCE

We found lacking user privilege separation enforcement and post-authentication command injection remote code execution within Cisco ATA19X firmware.

Read More
Swimming Upstream: Uncovering Broadcom SDK vulnerabilities from bug reports
Research
Oct 4, 2021
14
 min read

Swimming Upstream: Uncovering Broadcom SDK vulnerabilities from bug reports

IoT Inspector identified security vulnerabilities affecting the UPnP implementation of Broadcom’s SDK that affect vendors such as Cisco or Linksys.

Read More
Advisory: Multiple issues in Realtek SDK affect hundreds of thousands of devices down the supply chain
Research
Aug 15, 2021
29
 min read

Advisory: Multiple issues in Realtek SDK affect hundreds of thousands of devices down the supply chain

At least 65 vendors affected by severe vulnerabilities that enable unauthenticated attackers to fully compromise the target device.

Read More
Advisory: Cisco RV34X Series - Privilege Escalation in vpnTimer
Research
May 4, 2021
5
 min read

Advisory: Cisco RV34X Series - Privilege Escalation in vpnTimer

IoT Inspector detected a rare security vulnerability in Cisco's RV34X Series. Read the full root analysis on the blog!

Read More
Advisory: Multiple Issues in Libre Wireless LS9 Modules - And the Problem with Third Party Products
Research
Apr 25, 2021
25
 min read

Advisory: Multiple Issues in Libre Wireless LS9 Modules - And the Problem with Third Party Products

IoT Inspector detected security vulnerabilities in the Gigaset L800HX smart speaker, which is actually based on a third party module (Libre Wireless LS9).

Read More
Advisory: Cisco RV34X Series - Authentication Bypass and Remote Command Execution
Research
Apr 12, 2021
5
 min read

Advisory: Cisco RV34X Series - Authentication Bypass and Remote Command Execution

IoT Inspector identified security issues in Cisco's RV34X series of devices. Read the full root analysis on our blog!

Read More
Advisory: Fibaro Home Center - Multiple Vulnerabilities (CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992)
Research
Apr 7, 2021
7
 min read

Advisory: Fibaro Home Center - Multiple Vulnerabilities (CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992)

IoT Inspector discovered multiple vulnerabilities in the Fibaro Home Center 2 and Home Center Lite. Users are advised to upgrade.

Read More
check out white papers

check out white papers

Explore in-depth whitepapers on cybersecurity and compliance, designed to strengthen your product’s security and compliance.

Meet Us at Events

Meet Us at Events

Join us at industry-leading events and connect with our experts in person to learn how to enhance your cybersecurity and compliance strategies.

Insights from Our Blog

Insights from Our Blog

Get expert tips and industry updates.
Dive into our blog for practical advice, trends, and solutions that help you stay secure and compliant.

Ready to automate your Product Cybersecurity & Compliance?

Make cybersecurity and compliance efficient and effective with ONEKEY.

Book a Demo