
Hidden Software Flaws Undermine Device Security

For security professionals, October is a time to look past surface defenses and acknowledge where risk persists. One of the most overlooked sources of exposure is the software that runs routers, access points, industrial controllers, and other connected devices.

This post launches NetRise’s Cybersecurity Awareness Month series. Throughout the month we’ll unpack themes that cut across technical and business concerns: adversaries targeting connected devices, the persistence of old exploits, and the value of software transparency through Software Bill of Materials (SBOMs).

 

Old Vulnerabilities Don’t Disappear

In 2014, researcher Dominique Bongard disclosed the Pixie Dust exploit, a weakness in the Wi-Fi Protected Setup (WPS) protocol. By taking advantage of weak, predictable randomness in key generation, attackers could recover WPS PINs in seconds. Strong passphrases offered no protection because the attack worked offline.

More than a decade later, Pixie Dust remains exploitable. NetRise analysis found 24 devices from six vendors with firmware releases vulnerable to Pixie Dust shipped as late as 2025. Analysis showed:

  • Firmware releases continued an average of 7.7 years after disclosure.
  • Only 4 of 24 devices were ever patched. The average patch lag was nearly a decade.
  • Many updates were described in vague terms such as “Fixed some security vulnerability,” leaving organizations unaware of what was addressed.

Vulnerabilities don’t expire when they fall out of conversation. Without visibility, you may find yourself exposed to exploits long understood as obsolete.

Fresh Reminders from Recent Advisories

Legacy risk is only half the story. In September 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on multiple TP-Link router flaws that were already under active exploitation. These weaknesses provided attackers, including foreign adversaries, with a foothold into consumer and small-office networks.

CISA recommended immediate patching where updates existed and replacement where support had ended.

When you place the Pixie Dust findings alongside CISA’s advisory, you see both ends of the challenge. Some weaknesses linger quietly for a decade. Others surface and are exploited in real time. In both cases, organizations lack the visibility needed to respond effectively.

Why CVEs Don’t Tell the Full Story

Many organizations equate security posture with Common Vulnerabilities and Exposures (CVE) counts. That metric leaves out a wide range of real exposure in firmware:

  • Misconfigurations such as WPS enabled by default.
  • Silent fixes that never receive CVE identifiers or detailed advisories.
  • Incomplete or inaccurate Common Platform Enumeration (CPE) data that prevents known CVEs from being linked to affected components.
  • Hidden functions that remain active even when user interfaces suggest otherwise.

The Pixie Dust analysis highlighted these gaps: only a fraction of affected releases were linked to CVEs. Without deeper inspection of what actually executes in the firmware image, you won’t know whether devices in your environment remain vulnerable.

SBOMs: A Path to Visibility

A Software Bill of Materials (SBOM) offers a structured way to see what code is present inside software and firmware. 

CISA’s proposed minimum requirements for SBOMs reinforce their importance to national security. An SBOM generated through binary analysis reveals the components and dependencies inside device software, but understanding the provenance of those components—particularly open-source libraries—is just as critical. As we noted in our public response to the request for comment, visibility into where components originate and how they’re maintained strengthens both trust and accountability across the software supply chain.

This visibility enables you to:

  • Map vulnerable modules across different product lines.
  • Identify inherited cryptographic libraries with weak defaults.
  • Maintain an inventory of firmware versions for ongoing risk assessment.

Beyond compliance, SBOMs give you actionable insight into weaknesses like Pixie Dust that evade CVE-driven workflows.
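
The cross-product mapping described above, as an added example (not NetRise's tooling or output): it indexes CycloneDX-style SBOMs by component, lists components shared across product lines, and flags components with no CPE, which a CPE-keyed CVE lookup cannot match. The product names, versions and the `vendor-wps-daemon` component are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data: minimal CycloneDX-style SBOMs for three
# hypothetical firmware images (product names and versions are invented).
SBOMS = [
    {"metadata": {"component": {"name": "router-a", "version": "1.0.3"}},
     "components": [
         {"name": "hostapd", "version": "2.0",
          "cpe": "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*"},
         {"name": "vendor-wps-daemon", "version": "0.9"}]},
    {"metadata": {"component": {"name": "extender-b", "version": "2.4.1"}},
     "components": [
         {"name": "vendor-wps-daemon", "version": "0.9"},
         {"name": "busybox", "version": "1.19.4",
          "cpe": "cpe:2.3:a:busybox:busybox:1.19.4:*:*:*:*:*:*:*"}]},
    {"metadata": {"component": {"name": "router-a", "version": "1.1.0"}},
     "components": [
         {"name": "hostapd", "version": "2.0",
          "cpe": "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*"}]},
]

def build_index(sboms):
    """Map (component, version) -> set of (product, firmware version)."""
    index = defaultdict(set)
    for sbom in sboms:
        fw = sbom["metadata"]["component"]
        for comp in sbom.get("components", []):
            index[(comp["name"], comp["version"])].add((fw["name"], fw["version"]))
    return index

def shared_across_products(index):
    """Components present in more than one product line."""
    return {key: sorted(images) for key, images in index.items()
            if len({product for product, _ in images}) > 1}

def components_without_cpe(sboms):
    """Components that a CPE-keyed CVE lookup cannot match."""
    return sorted({(c["name"], c["version"]) for s in sboms
                   for c in s.get("components", []) if not c.get("cpe")})

if __name__ == "__main__":
    idx = build_index(SBOMS)
    print("shared across product lines:", shared_across_products(idx))
    print("no CPE (invisible to CVE matching):", components_without_cpe(SBOMS))
```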

Strategic and Operational Consequences

The persistence of software and firmware vulnerabilities creates both strategic and operational consequences.

Shipping software with known weaknesses creates reputational harm, regulatory exposure, and liability, especially when patch practices are inconsistent or release notes vague.

For consumers of software: routers, range extenders, and other networking devices can undermine security controls silently. A user interface may suggest WPS is disabled while system code continues to expose the function. You cannot rely on vendor disclosures alone to confirm whether devices remain secure.
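
One way to check a device you operate against what its interface claims, as an added example (not from the original post or NetRise tooling): parse the information elements of a beacon captured from your own access point and report whether a WPS element is still advertised. The byte strings are constructed samples; the function names are hypothetical, and the input is assumed to be the tagged-parameter bytes already extracted from the beacon.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # vendor IE: OUI 00:50:F2, type 4 = WPS
ATTR_WPS_STATE = 0x1044        # 1 = not configured, 2 = configured
ATTR_AP_SETUP_LOCKED = 0x1057  # 1 = AP setup locked

# Constructed samples: SSID "test" with and without a WPS element.
BEACON_WPS_ON = bytes.fromhex("000474657374" "dd0e0050f204"
                              "104a000110" "1044000102")
BEACON_WPS_OFF = bytes.fromhex("000474657374")

def iter_ies(ies):
    """Yield (tag, body) for each 802.11 information element."""
    pos = 0
    while pos + 2 <= len(ies):
        tag, length = ies[pos], ies[pos + 1]
        body = ies[pos + 2:pos + 2 + length]
        if len(body) < length:  # truncated capture: stop parsing
            return
        yield tag, body
        pos += 2 + length

def wps_attributes(ies):
    """Return {attribute type: value} for the WPS element, or None if absent."""
    for tag, body in iter_ies(ies):
        if tag == 221 and body[:4] == WPS_OUI_TYPE:
            attrs, pos, data = {}, 0, body[4:]
            while pos + 4 <= len(data):
                atype, alen = struct.unpack_from(">HH", data, pos)
                attrs[atype] = data[pos + 4:pos + 4 + alen]
                pos += 4 + alen
            return attrs
    return None

def wps_status(ies):
    """Summarise whether the access point advertises WPS."""
    attrs = wps_attributes(ies)
    if attrs is None:
        return "not advertised"
    if attrs.get(ATTR_AP_SETUP_LOCKED) == b"\x01":
        return "advertised, setup locked"
    return "advertised"

if __name__ == "__main__":
    print(wps_status(BEACON_WPS_ON), "/", wps_status(BEACON_WPS_OFF))
```

This reports only what the device advertises over the air; it does not inspect the firmware itself.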

Attackers, including state-sponsored actors, exploit these blind spots. Adversaries exploit consumer networking gear because it is broadly deployed and rarely maintained.

How You Can Respond

You can take practical steps to reduce exposure:

  1. Disable WPS on all devices unless you have a specific operational need.
  2. Build firmware inventories by generating SBOMs through binary analysis.
  3. Audit default configurations to eliminate weak services.
  4. Require vendors to provide signed updates and clear security advisories.
  5. Replace unsupported devices rather than continuing to rely on outdated firmware.
  6. Adopt secure-by-default development practices, including cryptographic review of inherited components.

These actions reduce risk in ways patching alone cannot.

Looking Ahead in This Series

This first post frames the conversation for Cybersecurity Awareness Month. You’ve seen how a vulnerability from 2014 still undermines device security in 2025, and how adversaries exploit both old and new flaws in networking equipment. You’ve also seen why SBOMs provide a more reliable foundation for managing firmware risk.

In the coming weeks, we’ll expand on three threads:

  • Foreign adversary activity targeting device firmware in advanced campaigns.
  • Building and applying SBOMs for real-world supply chain visibility.
  • Non-CVE exposures that remain invisible to traditional security processes.

Firmware cannot remain an afterthought. Hidden vulnerabilities often never reach a CVE database, leaving organizations blind to real exposure. By focusing on what actually executes in device software and firmware, you can reduce uncertainty, demonstrate due diligence, and close the gap that adversaries continue to exploit.

Learn More

See how binary analysis uncovers hidden risk in firmware and provides the SBOM insight you need to act with confidence. Talk with NetRise experts.

 

 
