Research

Research Blog

Stay up to date with the newest security advisories, vulnerability reports, and platform developments—keeping your products secure and compliant.

Featured research articles

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6199)

Research

Apr 25, 2025

min read

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6199)

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Viasat modems. Learn about the risks and recommended actions.

Quentin Kaiser

Lead Security Researcher

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198)

Research

Apr 25, 2025

min read

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198)

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Viasat modems. Learn about the risks and recommended actions.

Quentin Kaiser

Lead Security Researcher

Critical Vulnerabilities in EV Charging Stations: Analysis of eCharge Controllers

Research

Nov 26, 2024

min read

Critical Vulnerabilities in EV Charging Stations: Analysis of eCharge Controllers

Discover how severe security flaws, including unauthenticated remote command execution (CVE-2024-11665 & CVE-2024-11666), affect eCharge EV charging controllers. Learn about insecure firmware practices, cloud infrastructure issues, and actionable steps to mitigate risks in EV charging systems.

Quentin Kaiser

Lead Security Researcher

Security Advisory: Unauthenticated Command Injection in Mitel IP Phones

Research

Nov 17, 2024

min read

Security Advisory: Unauthenticated Command Injection in Mitel IP Phones

Discover critical vulnerabilities in Mitel SIP phones that allow unauthenticated command injection. Learn how outdated input parsing can expose your devices and why it's essential to scan firmware for security risks. Protect your network with our in-depth analysis and expert takeaways.

The X in XFTP Stands For eXecute

Find out how our platform enhances firmware security by identifying vulnerabilities & bugs in ICT products, ensuring compliance with DORA & NIS2 directive.

Security Advisory: Arbitrary Command Execution on TP-Link Archer C5400X

Research

May 26, 2024

min read

Security Advisory: Arbitrary Command Execution on TP-Link Archer C5400X

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in the TP-Link Archer C5400X router. Learn about the risks and recommended actions.

Security Advisory: Remote Code Execution in Ligowave Devices

Research

May 13, 2024

min read

Security Advisory: Remote Code Execution in Ligowave Devices

Explore the security advisory detailing remote code execution vulnerabilities in Ligowave devices. Learn about the risks & recommended protections.

Spotting Silent Patches in OSS with Binary Static Analysis

Research

Apr 8, 2024

min read

Spotting Silent Patches in OSS with Binary Static Analysis

Uncover silent patches in OSS with our binary static analysis. Understand the role of in-depth vulnerability management beyond CVE tracking.

Security Advisory: Remote Command Execution in Cisco Access Point WAP Products

Research

Mar 17, 2024

min read

Security Advisory: Remote Command Execution in Cisco Access Point WAP Products

Learn about the vulnerabilities affecting Cisco's WAP371 and other Small Business Wireless APs, and the importance of binary static analysis.

Binary Static Analysis - The Final Frontier

Research

Mar 13, 2024

min read

Binary Static Analysis - The Final Frontier

Uncover ONEKEY's new Binary Zero-Day Identification feature, designed to identify vulnerabilities in executable binaries. Click now to find out more.

Research

Jan 10, 2024

min read

Latest Developments in Unblob (3)

Discover the latest developments in UNBLOB. Explore FileSystem Sandboxing, UI enhancements, and advanced Pattern Identification in our latest blog post 👇️

Research

Oct 19, 2023

min read

Making TOCTOU Great again - X(R)IP

ONEKEY Seucrity Insight: Delve into TOCTOU vulnerabilities in embedded systems utilizing XiP. Discover how these gaps at the hardware level can compromise secure boot processes.

Security Advisory: Clock Fault Injection on Mocor OS - Password Bypass

Research

Aug 8, 2023

min read

Security Advisory: Clock Fault Injection on Mocor OS - Password Bypass

Discover the critical vulnerabilty in the Mocor OS on UNISOC SC6531E devices that allows unauthorised users to bypass locks via clock fault injection.

Security Advisory: Unauthenticated Remote Command Execution in Multiple WAGO Products

Research

May 15, 2023

min read

Security Advisory: Unauthenticated Remote Command Execution in Multiple WAGO Products

Security Advisory: Critical unauthenticated command injection vulnerability in the "Legal Information" plugin of the WAGO Series PFC100 web interface.

Research

May 8, 2023

min read

Latest Developments in Unblob (2)

Revolutionize firmware extraction with UNBLOB! Discover the latest developments & advancements in this cutting-edge project. Don't miss latest blog post!

Leveraging ChatGPT to build a Hardware Fault Injection Tool.

Research

Apr 26, 2023

min read

Leveraging ChatGPT to build a Hardware Fault Injection Tool.

This security insight explores the process of building an AI-assisted Teensy-based fault injection framework for testing system security. Learn more here!

check out white papers

Explore in-depth whitepapers on cybersecurity and compliance, designed to strengthen your product’s security and compliance.

Meet Us at Events

Join us at industry-leading events and connect with our experts in person to learn how to enhance your cybersecurity and compliance strategies.

Insights from Our Blog

Get expert tips and industry updates. Dive into our blog for practical advice, trends, and solutions that help you stay secure and compliant.

Ready to automate your Product Cybersecurity & Compliance?

Make cybersecurity and compliance efficient and effective with ONEKEY.

Book a Demo

Research Blog

Featured research articles

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6199)

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198)

Critical Vulnerabilities in EV Charging Stations: Analysis of eCharge Controllers

Security Advisory: Unauthenticated Command Injection in Mitel IP Phones

The X in XFTP Stands For eXecute

Security Advisory: Arbitrary Command Execution on TP-Link Archer C5400X

Security Advisory: Remote Code Execution in Ligowave Devices

All research articles

Spotting Silent Patches in OSS with Binary Static Analysis

Security Advisory: Remote Command Execution in Cisco Access Point WAP Products

Binary Static Analysis - The Final Frontier

Latest Developments in Unblob (3)

Making TOCTOU Great again - X(R)IP

Security Advisory: Clock Fault Injection on Mocor OS - Password Bypass

Security Advisory: Unauthenticated Remote Command Execution in Multiple WAGO Products

Latest Developments in Unblob (2)

Leveraging ChatGPT to build a Hardware Fault Injection Tool.

check out white papers

Meet Us at Events

Insights from Our Blog

Ready to automate your Product Cybersecurity & Compliance?