IoT Product Security Knowledge Hub

Announcement: BugProve is available on-premise! Announcement: BugProve is available on-premise!

Announcement: BugProve is available on-premise!

picture of the author
Attila Szász
February 21, 2024 3 mins read

You can now request a self-hosted version of the platform if the cloud deployment was a blocker so far.

CVE-2023-5372 - Post-auth blind Python code injection vulnerabilities in Zyxel’s NAS326 and NAS542 devices

CVE-2023-5372 - Post-auth blind Python code injection vulnerabilities in Zyxel’s NAS326 and NAS542 devices

picture of the author
Gábor Selján
January 30, 2024 5 mins read

Part 3 of vulnerabilities detected in Zyxel's personal cloud storage devices.

CVE-2023-4473 & CVE-2023-4474 - Authentication bypass and multiple blind OS command injection vulnerabilities in Zyxel’s NAS326 devices

CVE-2023-4473 & CVE-2023-4474 - Authentication bypass and multiple blind OS command injection vulnerabilities in Zyxel’s NAS326 devices

picture of the author
Gábor Selján
November 30, 2023 16 mins read

Part 2 of our vulnerability disclosure of Zyxel's personal cloud storage devices, including an authentication bypass vulnerability.

CVE-2023-37927 & CVE-2023-37928 - Multiple post-auth blind OS command and Python code injection vulnerabilities in Zyxel’s NAS326 devices

CVE-2023-37927 & CVE-2023-37928 - Multiple post-auth blind OS command and Python code injection vulnerabilities in Zyxel’s NAS326 devices

picture of the author
Gábor Selján
November 30, 2023 14 mins read

Vulnerability disclosure about Zyxel’s personal cloud storage device. PRIS indicates a command injection vulnerability.

IoT in the Wild West: A Personal Call for Consumer Vigilance and Responsible Development

IoT in the Wild West: A Personal Call for Consumer Vigilance and Responsible Development

picture of the author
Attila Szász
October 18, 2023 9 mins read

Attila shares his thoughts about the state of IoT security to contribute to the Cybersecurity Awareness Month movement.

IoT Bug Hunting - Part 2 - Walkthrough of discovering command injections in firmware binaries

IoT Bug Hunting - Part 2 - Walkthrough of discovering command injections in firmware binaries

picture of the author
Gábor Selján
October 9, 2023 15 mins read

Taking bug hunting to the next level. Here are the steps that can lead you to another variation of an OS command injection vulnerability in multiple Zavio IP camera models.

CVE-2023-3959, CVE-2023-4249 - Multiple critical vulnerabilities in Zavio IP cameras

CVE-2023-3959, CVE-2023-4249 - Multiple critical vulnerabilities in Zavio IP cameras

picture of the author
Attila Szász
September 6, 2023 95 mins read

BugProve uncovers seven pre-authentication remote code execution flaws and 26 post-authentication code execution vectors in Zavio IP cameras.

Product Update #6

Product Update #6

picture of the author
Bálint Jánvári
September 5, 2023 4 mins read

Improved public API, a new developer portal, larger file uploads and more. For those who prefer integrated systems.

Product Update #5

Product Update #5

picture of the author
Bálint Jánvári
August 2, 2023 6 mins read

Vulnerability monitoring, SBOM export, crisp new report pages and more. Great features for manufacturers.

An Overview of IoT Regulations – Compliance Checklist for the USA

An Overview of IoT Regulations – Compliance Checklist for the USA

picture of the author
Sylvain Delagrange
August 1, 2023 12 mins read

If you want to learn more about upcoming IoT regulations in the US, including the Cyber Trust Mark, this is the article for you. Here's a guidance with a clear checklist included.

Binary Analysis Fundamentals

Binary Analysis Fundamentals

picture of the author
Gábor Selján
July 27, 2023 10 mins read

Learn the basics of binary analysis, including its use cases, limitations, the differences between static and dynamic approaches and more.

An Overview of IoT Regulations - Checklist for UK PSTI, EU RED and CRA

An Overview of IoT Regulations - Checklist for UK PSTI, EU RED and CRA

picture of the author
Cédric Lévy-Bencheton
July 18, 2023 9 mins read

If you don't know where to get started about all the upcoming IoT regulations in Europe, this is the article for you. We offer you guidance with a clear checklist included.

Product Update #4

Product Update #4

picture of the author
Bálint Jánvári
June 28, 2023 3 mins read

Security tools should generate long PDF reports - so now we do. Hopefully, making your lives a bit easier.

Why is IoT security so difficult?

Why is IoT security so difficult?

picture of the author
Gábor Selján
June 13, 2023 6 mins read

We check from a pentester’s perspective why it is so tough to have secure IoT products on the market. Let’s see the 5 main reasons.

Firmware vulnerabilities you don’t want in your product

Firmware vulnerabilities you don’t want in your product

picture of the author
Gergő Hosszú
May 29, 2023 11 mins read

Delve into the specific firmware vulnerabilities that pose the greatest threat: authentication bypass, buffer overflows, and injection flaws.

CVE-2023-31070 Broadcom BCM47xx SDK EMF slab-out-of-bounds write - the uncomfortable reality of the IoT Linux kernel space

CVE-2023-31070 Broadcom BCM47xx SDK EMF slab-out-of-bounds write - the uncomfortable reality of the IoT Linux kernel space

picture of the author
Attila Szász
May 18, 2023 11 mins read

Exploring the Impact of CVE-2023-31070: A Deep Dive into Broadcom BCM47xx SDK, found by Attila Szasz with BugProve's engine.

IoT Bug Bounty Hunting using BugProve - Part 1

IoT Bug Bounty Hunting using BugProve - Part 1

picture of the author
Gábor Selján
May 15, 2023 4 mins read

A short guide on how to use BugProve's proprietary PRIS engine to scan and evaluate firmware for unknown security vulnerabilities - so you can start your bug bounty journey now!

Product Update #3

Product Update #3

picture of the author
Bálint Jánvári
May 10, 2023 2 mins read

Announcing our first AI-powered feature, helping you understand and fix issues faster. Introducing the "Explain" button.

Product Update #2

Product Update #2

picture of the author
Bálint Jánvári
April 25, 2023 2 mins read

A smaller one this time, focused on one much requested feature: shareable reports. Let's dive in!

Your Resource Directory for IoT Security

Your Resource Directory for IoT Security

picture of the author
Gergő Hosszú
April 21, 2023 14 mins read

Check out our collection of books, podcasts, youtube channels, and other educational materials on IoT security and pentesting.

Product Update #1

Product Update #1

picture of the author
Bálint Jánvári
April 11, 2023 3 mins read

This is the first major update to our platform, and we are excited to give you a brief overview of the changes.

7 Questions and Answers about Firmware and Firmware Security

7 Questions and Answers about Firmware and Firmware Security

picture of the author
Attila Szász
April 4, 2023 24 mins read

Discover the ins and outs of firmware security with this all-encompassing guide, including vulnerabilities, encryption, and best practices.

Enhancing Device Security beyond Firmware Encryption

Enhancing Device Security beyond Firmware Encryption

picture of the author
Gergő Hosszú
March 21, 2023 11 mins read

Learn about the limitations of firmware encryption and the risks of firmware hacking techniques that can bypass this security measure

EU Cyber Resilience Act (CRA) - All you need to know in a nutshell

EU Cyber Resilience Act (CRA) - All you need to know in a nutshell

picture of the author
Jonatán Bodó
March 8, 2023 4 mins read

The issue of low cybersecurity standards that plagued the IoT sector for years is going to be solved. Well, not at once, but we are making steps in the right direction.

Launching our Free Plan!

Launching our Free Plan!

picture of the author
Attila Szász
February 15, 2023 2 mins read

To show you the full potential of our 0-day vulnerability discovery and firmware analysis features, so we made sure all the results are there in our Free Plan.