One of our own identified a buffer overflow in an industrial Bluetooth stack, details are now available at

RT @qkaiser: We recently released a static code analysis feature on the platform. Focus is on shell scripts, specifically the ones used in….

Since MITRE is still up, here's the CVE details:.- -

Read the full write-up with all technical details, insights, and disclosure timeline: .- -

This case shows how automated static analysis can uncover hidden threats in embedded systems—before attackers do. Opaque firmware is a systemic risk. Visibility is key.

Shout-out to Viasat for a smooth coordinated disclosure process. OTA patching complex device fleets isn’t easy—props to their team for handling it transparently.

Affected devices include Viasat RM4100, RM4200, EM4100, RM5110, RM5111, RG1000, RG1100, EG1000, and EG1020. Make sure your devices are updated!.

For CVE-2024-6199, you would need the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and the modem to manipulate specific responses and gain code execution. This is only reachable on devices with DDNS enabled.

With a single crafted HTTP request, an attacker can overflow the stack and hijack execution flow using ROP techniques for CVE-2024-6198. No authentication required.

CVE-2024-6199 was identified in the dynamic DNS feature, where data obtained over a plaintext connection is unsafely parsed.

CVE-2024-6198 was found in "SNORE"—a web interface running on ports 3030 and 9882 via lighttpd on several Viasat modem models. The bug? A classic case of unsafe sscanf usage for URI parsing.

A routine firmware scan by a ONEKEY customer turned into something much bigger. Critical stack buffer overflows were discovered in Viasat satellite modems. Unauthenticated RCE over LAN and OTA interfaces with CVE-2024-6198, unauthenticated RCE over WAN with 2024-6199.

Our automated binary static analysis does it again ! This time it's an unauthenticated command injection affecting TP-Link gaming routers.

Our latest security advisory is out. We identified remote command execution affecting Lua code within wireless backhaul devices from Ligowave.

RT @qkaiser: New batch of automatically identified vulnerabilities just dropped. Affects industrial ethernet router from Delta Electronics.….

RT @qkaiser: Got nerd sniped by @wvuuuuuuuuuuuuu so I looked at D-Link “backdoor” (CVE-2024-3272, CVE-2024-3273). Our pipeline spot it, but….

RT @qkaiser: Small anthology of “silently” patched bugs identified by our binary static analysis feature in FOSS present in firmwares. We’l….

RT @qkaiser: I have been working on this with my team over the last year, so super happy it’s finally out ! ✨I’m providing as much details….

We've published details about the unblob features that landed in the second half of 2023. Check it out ⬇️

unblob version 23.10.31 🎃 is out ! Includes many improvements for spoOoky file formats like CPIO, tar v7, and truncated FAT images. We also support Python 3.12 so Arch users are not left behind. Release notes: Installation: