Research

Research Blog

Stay up to date with the newest security advisories, vulnerability reports, and platform developments—keeping your products secure and compliant.

Featured research articles

Security Advisory: Remote Code Execution on Diviotec IP Camera (CVE-2025-5113)

Research

Jun 3, 2025

min read

Security Advisory: Remote Code Execution on Diviotec IP Camera (CVE-2025-5113)

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Diviotec IP Cameras. Learn about the risks and recommended actions.

Quentin Kaiser

Lead Security Researcher

Security Advisory: Remote Command Execution on Netcomm NTC 6200 and NWL 222

Research

Jun 2, 2025

min read

Security Advisory: Remote Command Execution on Netcomm NTC 6200 and NWL 222

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Netcomm devices. Learn about the risks and recommended actions.

Quentin Kaiser

Lead Security Researcher

Security Advisory: Remote Command Execution on Smartbedded MeteoBridge (CVE-2025-4008)

Research

May 26, 2025

min read

Security Advisory: Remote Command Execution on Smartbedded MeteoBridge (CVE-2025-4008)

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Smartbedded MeteoBridge. Learn about the risks and recommended actions.

Quentin Kaiser

Lead Security Researcher

Shell CGI Static Code Analysis - Automatic Discovery of RCEs

Research

May 23, 2025

min read

Shell CGI Static Code Analysis - Automatic Discovery of RCEs

Uncover ONEKEY's new shell CGI Static Code Analysis feature, designed to identify critical Remote Code Execution vulnerabilities. Click now to find out more.

Quentin Kaiser

Lead Security Researcher

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6199)

Research

Apr 25, 2025

min read

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6199)

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Viasat modems. Learn about the risks and recommended actions.

Quentin Kaiser

Lead Security Researcher

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198)

Research

Apr 25, 2025

min read

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198)

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Viasat modems. Learn about the risks and recommended actions.

Quentin Kaiser

Lead Security Researcher

Critical Vulnerabilities in EV Charging Stations: Analysis of eCharge Controllers

Research

Nov 26, 2024

min read

Critical Vulnerabilities in EV Charging Stations: Analysis of eCharge Controllers

Discover how severe security flaws, including unauthenticated remote command execution (CVE-2024-11665 & CVE-2024-11666), affect eCharge EV charging controllers. Learn about insecure firmware practices, cloud infrastructure issues, and actionable steps to mitigate risks in EV charging systems.

Quentin Kaiser

Lead Security Researcher

Security Advisory: Unauthenticated Command Injection in Mitel IP Phones

Research

Nov 17, 2024

min read

Security Advisory: Unauthenticated Command Injection in Mitel IP Phones

Discover critical vulnerabilities in Mitel SIP phones that allow unauthenticated command injection. Learn how outdated input parsing can expose your devices and why it's essential to scan firmware for security risks. Protect your network with our in-depth analysis and expert takeaways.

The X in XFTP Stands For eXecute

Find out how our platform enhances firmware security by identifying vulnerabilities & bugs in ICT products, ensuring compliance with DORA & NIS2 directive.

Security Advisory: Arbitrary Command Execution on TP-Link Archer C5400X

Research

May 26, 2024

min read

Security Advisory: Arbitrary Command Execution on TP-Link Archer C5400X

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in the TP-Link Archer C5400X router. Learn about the risks and recommended actions.

Security Advisory: Remote Code Execution in Ligowave Devices

Research

May 13, 2024

min read

Security Advisory: Remote Code Execution in Ligowave Devices

Explore the security advisory detailing remote code execution vulnerabilities in Ligowave devices. Learn about the risks & recommended protections.

Advisory: Cisco ATA19X Privilege Escalation and RCE

Research

Oct 6, 2021

min read

Advisory: Cisco ATA19X Privilege Escalation and RCE

We found lacking user privilege separation enforcement and post-authentication command injection remote code execution within Cisco ATA19X firmware.

Swimming Upstream: Uncovering Broadcom SDK vulnerabilities from bug reports

Research

Oct 4, 2021

min read

Swimming Upstream: Uncovering Broadcom SDK vulnerabilities from bug reports

IoT Inspector identified security vulnerabilities affecting the UPnP implementation of Broadcom’s SDK that affect vendors such as Cisco or Linksys.

Advisory: Multiple issues in Realtek SDK affect hundreds of thousands of devices down the supply chain

Research

Aug 15, 2021

min read

Advisory: Multiple issues in Realtek SDK affect hundreds of thousands of devices down the supply chain

At least 65 vendors affected by severe vulnerabilities that enable unauthenticated attackers to fully compromise the target device.

Advisory: Cisco RV34X Series - Privilege Escalation in vpnTimer

Research

May 4, 2021

min read

Advisory: Cisco RV34X Series - Privilege Escalation in vpnTimer

IoT Inspector detected a rare security vulnerability in Cisco's RV34X Series. Read the full root analysis on the blog!

Advisory: Multiple Issues in Libre Wireless LS9 Modules - And the Problem with Third Party Products

Research

Apr 25, 2021

min read

Advisory: Multiple Issues in Libre Wireless LS9 Modules - And the Problem with Third Party Products

IoT Inspector detected security vulnerabilities in the Gigaset L800HX smart speaker, which is actually based on a third party module (Libre Wireless LS9).

Advisory: Cisco RV34X Series - Authentication Bypass and Remote Command Execution

Research

Apr 12, 2021

min read

Advisory: Cisco RV34X Series - Authentication Bypass and Remote Command Execution

IoT Inspector identified security issues in Cisco's RV34X series of devices. Read the full root analysis on our blog!

Advisory: Fibaro Home Center - Multiple Vulnerabilities (CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992)

Research

Apr 7, 2021

min read

Advisory: Fibaro Home Center - Multiple Vulnerabilities (CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992)

IoT Inspector discovered multiple vulnerabilities in the Fibaro Home Center 2 and Home Center Lite. Users are advised to upgrade.

Patch Diffing Entire Firmware Images, Squeezing Out Bugs

Research

Mar 21, 2021

min read

Patch Diffing Entire Firmware Images, Squeezing Out Bugs

Firmware patch diffing is a relatively under-documented, but important process in IoT security research. Let's look at a real-world example!

Advisory: D-Link DIR-3060 Authenticated RCE (CVE-2021-28144)

Research

Mar 10, 2021

min read

Advisory: D-Link DIR-3060 Authenticated RCE (CVE-2021-28144)

The D-Link DIR-3060 is affected by a post-authentication command injection vulnerability, which was discovered and disclosed by IoT Inspector.

check out white papers

Explore in-depth whitepapers on cybersecurity and compliance, designed to strengthen your product’s security and compliance.

Meet Us at Events

Join us at industry-leading events and connect with our experts in person to learn how to enhance your cybersecurity and compliance strategies.

Insights from Our Blog

Get expert tips and industry updates. Dive into our blog for practical advice, trends, and solutions that help you stay secure and compliant.

Ready to automate your Product Cybersecurity & Compliance?

Make cybersecurity and compliance efficient and effective with ONEKEY.

Book a Demo

Research Blog

Featured research articles

Security Advisory: Remote Code Execution on Diviotec IP Camera (CVE-2025-5113)

Security Advisory: Remote Command Execution on Netcomm NTC 6200 and NWL 222

Security Advisory: Remote Command Execution on Smartbedded MeteoBridge (CVE-2025-4008)

Shell CGI Static Code Analysis - Automatic Discovery of RCEs

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6199)

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198)

Critical Vulnerabilities in EV Charging Stations: Analysis of eCharge Controllers

Security Advisory: Unauthenticated Command Injection in Mitel IP Phones

The X in XFTP Stands For eXecute

Security Advisory: Arbitrary Command Execution on TP-Link Archer C5400X

Security Advisory: Remote Code Execution in Ligowave Devices

All research articles

Advisory: Cisco ATA19X Privilege Escalation and RCE

Swimming Upstream: Uncovering Broadcom SDK vulnerabilities from bug reports

Advisory: Multiple issues in Realtek SDK affect hundreds of thousands of devices down the supply chain

Advisory: Cisco RV34X Series - Privilege Escalation in vpnTimer

Advisory: Multiple Issues in Libre Wireless LS9 Modules - And the Problem with Third Party Products

Advisory: Cisco RV34X Series - Authentication Bypass and Remote Command Execution

Advisory: Fibaro Home Center - Multiple Vulnerabilities (CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992)

Patch Diffing Entire Firmware Images, Squeezing Out Bugs

Advisory: D-Link DIR-3060 Authenticated RCE (CVE-2021-28144)

check out white papers

Meet Us at Events

Insights from Our Blog

Ready to automate your Product Cybersecurity & Compliance?