IoT Product Security Knowledge Hub

CVE-2023-3959, CVE-2023-4249 - Multiple critical vulnerabilities in Zavio IP cameras

Attila Szász | September 6, 2023 | 95 mins read

BugProve uncovers seven pre-authentication remote code execution flaws and 26 post-authentication code execution vectors in Zavio IP cameras. Despite repeated warnings, Zavio remained unresponsive, necessitating intervention from CISA.

Product Update #6

Bálint Jánvári | September 5, 2023 | 4 mins read

Improved public API, a new developer portal, larger file uploads and more.

Product Update #5

Bálint Jánvári | August 2, 2023 | 6 mins read

Vulnerability monitoring, SBOM export, crisp new report pages and more.

An Overview of IoT Regulations – Compliance Checklist for the USA

Sylvain Delagrange | August 1, 2023 | 12 mins read

If you want to learn more about all the upcoming IoT regulations in the US, including the Cyber Trust Mark, this is the article for you. We offer you guidance with a clear checklist included.

Binary Analysis Fundamentals

Gábor Selján | July 27, 2023 | 10 mins read

Learn the basics of binary analysis, including its use cases, limitations, the differences between static and dynamic approaches and more.

An Overview of IoT Regulations - Checklist for UK PSTI, EU RED and CRA

Cédric Lévy-Bencheton | July 18, 2023 | 10 mins read

If you don't know where to get started with all the upcoming IoT regulations in Europe, this is the article for you. We offer you guidance with a clear checklist included.

Product Update #4

Bálint Jánvári | June 28, 2023 | 3 mins read

Security tools should generate long PDF reports - so now we do.

Why is IoT security so difficult?

Gábor Selján | June 13, 2023 | 7 mins read

We check from a pentester’s perspective why it is so tough to have secure IoT products on the market. Let’s see the 5 main reasons.

Firmware vulnerabilities you don’t want in your product

Gergő Hosszú | May 29, 2023 | 12 mins read

Delve into the specific firmware vulnerabilities that pose the greatest threat: authentication bypass, buffer overflows, and injection flaws. Gain insights into each vulnerability and its potential impact.

CVE-2023-31070 Broadcom BCM47xx SDK EMF slab-out-of-bounds write - the uncomfortable reality of the IoT Linux kernel space

Attila Szász | May 18, 2023 | 11 mins read

Exploring the Impact of CVE-2023-31070: A Deep Dive into Broadcom BCM47xx SDK, found by Attila Szász with BugProve's engine.

IoT Bug Bounty Hunting using BugProve

Gábor Selján | May 15, 2023 | 4 mins read

A short guide on how to use BugProve's proprietary PRIS engine to scan and evaluate firmware for unknown security vulnerabilities - so you can start your bug bounty journey now!

Product Update #3

Bálint Jánvári | May 10, 2023 | 2 mins read

Announcing our first AI-powered feature, helping you understand and fix issues faster.

Product Update #2

Bálint Jánvári | April 25, 2023 | 2 mins read

A smaller one this time, focused on one much-requested feature: shareable reports.

Your Resource Directory for IoT Security

Gergő Hosszú | April 21, 2023 | 14 mins read

Check out our collection of books, podcasts, YouTube channels, and other educational materials on IoT security and pentesting.

Product Update #1

Bálint Jánvári | April 11, 2023 | 3 mins read

This is the first major update to our platform, and we are excited to give you a brief overview of the changes.

7 Questions and Answers about Firmware and Firmware Security

Attila Szász | April 4, 2023 | 25 mins read

Discover the ins and outs of firmware security with this all-encompassing guide, including vulnerabilities, encryption, and best practices.

Enhancing Device Security beyond Firmware Encryption

Gergő Hosszú | March 21, 2023 | 12 mins read

Learn about the limitations of firmware encryption and the risks of firmware hacking techniques that can bypass this security measure.

EU Cyber Resilience Act (CRA) - All you need to know in a nutshell

Jonatán Bodó | March 8, 2023 | 4 mins read

The issue of low cybersecurity standards that plagued the IoT sector for years is going to be solved. Well, not at once, but we are making steps in the right direction.

Launching our Free Plan!

Attila Szász | February 15, 2023 | 2 mins read

We want to show you the full potential of our zero-day vulnerability discovery and firmware analysis features, so we made sure the results you get are completely available in our Free Plan as well.

CVE-2022-24942 Heap-based buffer overflow in Silicon Labs Gecko SDK

Attila Szász | February 14, 2023 | 8 mins read

An overview of the vulnerabilities found by BugProve in the SDK of Silicon Labs.