Resources
>
Research

Research Blog

Stay up to date with the newest security advisories, vulnerability reports, and platform developments—keeping your products secure and compliant.

Featured research articles

Security Advisory: Remote Code Execution on Diviotec IP Camera (CVE-2025-5113)
Research
Jun 3, 2025
10
 min read

Security Advisory: Remote Code Execution on Diviotec IP Camera (CVE-2025-5113)

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Diviotec IP Cameras. Learn about the risks and recommended actions.

Quentin Kaiser
Quentin Kaiser
Lead Security Researcher
Read More
Security Advisory: Remote Command Execution on Netcomm NTC 6200 and NWL 222
Research
Jun 2, 2025
10
 min read

Security Advisory: Remote Command Execution on Netcomm NTC 6200 and NWL 222

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Netcomm devices. Learn about the risks and recommended actions.

Quentin Kaiser
Quentin Kaiser
Lead Security Researcher
Read More
Security Advisory: Remote Command Execution on Smartbedded MeteoBridge (CVE-2025-4008)
Research
May 26, 2025
10
 min read

Security Advisory: Remote Command Execution on Smartbedded MeteoBridge (CVE-2025-4008)

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Smartbedded MeteoBridge. Learn about the risks and recommended actions.

Quentin Kaiser
Quentin Kaiser
Lead Security Researcher
Read More
Shell CGI Static Code Analysis - Automatic Discovery of RCEs
Research
May 23, 2025
10
 min read

Shell CGI Static Code Analysis - Automatic Discovery of RCEs

Uncover ONEKEY's new shell CGI Static Code Analysis feature, designed to identify critical Remote Code Execution vulnerabilities. Click now to find out more.

Quentin Kaiser
Quentin Kaiser
Lead Security Researcher
Read More
Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6199)
Research
Apr 25, 2025
5
 min read

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6199)

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Viasat modems. Learn about the risks and recommended actions.

Quentin Kaiser
Quentin Kaiser
Lead Security Researcher
Read More
Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198)
Research
Apr 25, 2025
5
 min read

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198)

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Viasat modems. Learn about the risks and recommended actions.

Quentin Kaiser
Quentin Kaiser
Lead Security Researcher
Read More
Critical Vulnerabilities in EV Charging Stations: Analysis of eCharge Controllers
Research
Nov 26, 2024
20
 min read

Critical Vulnerabilities in EV Charging Stations: Analysis of eCharge Controllers

Discover how severe security flaws, including unauthenticated remote command execution (CVE-2024-11665 & CVE-2024-11666), affect eCharge EV charging controllers. Learn about insecure firmware practices, cloud infrastructure issues, and actionable steps to mitigate risks in EV charging systems.

Quentin Kaiser
Quentin Kaiser
Lead Security Researcher
Read More
Security Advisory: Unauthenticated Command Injection in Mitel IP Phones
Research
Nov 17, 2024
15
 min read

Security Advisory: Unauthenticated Command Injection in Mitel IP Phones

Discover critical vulnerabilities in Mitel SIP phones that allow unauthenticated command injection. Learn how outdated input parsing can expose your devices and why it's essential to scan firmware for security risks. Protect your network with our in-depth analysis and expert takeaways.

Denys Vozniuk
Denys Vozniuk
Security Consultant
Read More
The X in XFTP Stands For eXecute
Research
Jul 8, 2024
6
 min read

The X in XFTP Stands For eXecute

Find out how our platform enhances firmware security by identifying vulnerabilities & bugs in ICT products, ensuring compliance with DORA & NIS2 directive.

Read More
Security Advisory: Arbitrary Command Execution on TP-Link Archer C5400X
Research
May 26, 2024
5
 min read

Security Advisory: Arbitrary Command Execution on TP-Link Archer C5400X

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in the TP-Link Archer C5400X router. Learn about the risks and recommended actions.

Read More
Security Advisory: Remote Code Execution in Ligowave Devices
Research
May 13, 2024
3
 min read

Security Advisory: Remote Code Execution in Ligowave Devices

Explore the security advisory detailing remote code execution vulnerabilities in Ligowave devices. Learn about the risks & recommended protections.

Read More
Previous
Next

All research articles

Security Advisory: Unauthenticated Configuration Export in Multiple WAGO Products
Research
Jan 15, 2023
5
 min read

Security Advisory: Unauthenticated Configuration Export in Multiple WAGO Products

ONEKEY identified an unauthenticated configuration export in industrial controllers from WAGO . Read the latest Security Advisory here 👉

Read More
Latest Developments in Unblob
Research
Dec 14, 2022
4
 min read

Latest Developments in Unblob

After initial launch of unblob at Blackhat and DEFCON, the project continues to grow and we want to share a few things with you. Read more!

Read More
Security Advisory: Asus M25 NAS Vulnerability
Research
Nov 30, 2022
4
 min read

Security Advisory: Asus M25 NAS Vulnerability

ONEKEY identifies a command injection bug in the M25 NAS from Asus. Read the latest Security Advisory here 👉

Read More
OpenSSL released a patch for high severity vulnerabilities – do operators and vendors of connected devices need to worry?
Research
Nov 1, 2022
3
 min read

OpenSSL released a patch for high severity vulnerabilities – do operators and vendors of connected devices need to worry?

OpenSSL released a patch for high severity vulnerabilities – do operators and vendors of connected devices need to worry? Read more!

Read More
Security Advisory: NETGEAR Routers FunJSQ Vulnerabilities
Research
Sep 14, 2022
9
 min read

Security Advisory: NETGEAR Routers FunJSQ Vulnerabilities

Detailed vulnerability analysis identifies several problems in FunJSQ on NETGEAR Routers & Orbi WiFi Systems. Read latest Security Advisory here 👉

Read More
Advisory: Cisco Small Business RV Series Routers Web Filter Database Update Command Injection Vulnerability
Research
Aug 8, 2022
5
 min read

Advisory: Cisco Small Business RV Series Routers Web Filter Database Update Command Injection Vulnerability

The advisory describes a vulnerability ONEKEY identified when hunting for bugs to craft exploit chains for PWN2OWN 2021. Read advisory!

Read More
Advisory: FESTO: CECC-X-M1 - Command Injection Vulnerabilities
Research
Jul 6, 2022
5
 min read

Advisory: FESTO: CECC-X-M1 - Command Injection Vulnerabilities

To evaluate and strengthen the automated vulnerability detection capabilities of ONEKEY, we frequently download and analyze firmware images from a variety of vendors. This is how we stumbled upon the CECC-X-M1 product line, an industrial controller manufactured by FESTO.

Read More
Advisory: Western Digital My Cloud Pro Series PR4100 RCE
Research
Feb 14, 2022
7
 min read

Advisory: Western Digital My Cloud Pro Series PR4100 RCE

The IoT Inspector Research Lab uncovered a command injection vulnerability on Western Digital My Cloud Pro Series PR4100.

Read More
How-To: Extracting Decryption Keys for D-Link
Research
Nov 24, 2021
8
 min read

How-To: Extracting Decryption Keys for D-Link

Find out how the IoT Inspector Research Lab extracted an encryption key for a subset of D-Link routers - in particular the D-Link DIR-X1560.

Read More
check out white papers

check out white papers

Explore in-depth whitepapers on cybersecurity and compliance, designed to strengthen your product’s security and compliance.

Meet Us at Events

Meet Us at Events

Join us at industry-leading events and connect with our experts in person to learn how to enhance your cybersecurity and compliance strategies.

Insights from Our Blog

Insights from Our Blog

Get expert tips and industry updates.
Dive into our blog for practical advice, trends, and solutions that help you stay secure and compliant.

Ready to automate your Product Cybersecurity & Compliance?

Make cybersecurity and compliance efficient and effective with ONEKEY.

Book a Demo