Vulnerability REsearch
All Vulnerability REsearch Resources
Blog
Mar 2, 2026
VulHunt in Depth: Inside the Binary Vulnerability Analysis Framework
A technical deep dive into VulHunt's architecture and capabilities. We explore how the framework combines intra-procedural dataflow analysis, semantic code pattern matching on decompiled output, type libraries, function signatures, annotated code listings, byte pattern matching, and intermediate representation (IR) matching to enable flexible, architecture-aware vulnerability detection in binaries.
Vulnerability REsearch
Blog
Feb 20, 2026
Vulnerability REsearch using VulHunt
We adopt the mindset of a vulnerability researcher and use VulHunt's taint-tracking capabilities to hunt for vulnerabilities in Netgear RAX30 router firmware. From interactive prototyping in the VulHunt shell to building a scalable detection rule, we rediscover CVE-2023-48725 and uncover additional affected binaries — demonstrating VulHunt's full workflow from reconnaissance to automated scanning.
Vulnerability REsearch
Blog
Jan 30, 2026
VulHunt in Practice: Detecting a Remote Code Execution Vulnerability in rsync
We walk through writing a VulHunt rule to detect CVE-2024-12084, a heap-based buffer overflow in rsync. Starting from understanding the vulnerability's root cause, we build detection logic step by step — covering rule metadata, function scoping, annotation, order guarantees, and decompiler queries — culminating in a production-ready rule that pinpoints the exact vulnerable code path in stripped binaries.
Vulnerability REsearch
Blog
Jan 20, 2026
Introducing VulHunt: A High-Level Look at Binary Vulnerability Detection
Existing tools for checking binaries against known vulnerabilities rely on version strings or simple byte patterns, leading to high false-positive rates and little actionable insight. We built VulHunt to bring code-level, semantic vulnerability detection to binaries — combining dataflow analysis, IR matching, and pattern matching into a single framework that delivers precise, annotated findings at scale.
Vulnerability REsearch
Blog
Oct 17, 2025
Missing Mitigations: Inside The Security Gap in UEFI Firmware
Software mitigations play a critical role in the quest to secure the digital world. Shortly after the discovery and the rise of buffer overflows in the 90s, mitigations were introduced in the software ecosystem and eventually made their way into virtually any piece of software we run on our devices: from browsers to web servers, from OS kernels to userspace applications. Mitigations are typically designed to address one or more classes of vulnerabilities, making their exploitation more difficult. For example, while exploiting a stack overflow without any deployed mitigation is straightforward, the presence of properly implemented stack canaries requires chaining additional vulnerabilities or leveraging more complex techniques to bypass this protection.
Vulnerability REsearch, Program Analysis
Blog
Sep 24, 2025
Broken Trust: Fixed Supermicro BMC Bug Gains a New Life in Two New Vulnerabilities
In a previous blog post, we detailed three Supermicro BMC firmware vulnerabilities that were originally found by the NVIDIA Offensive Security Research Team and disclosed earlier this year. All these issues were related to the BMC firmware update process and could be exploited by an attacker with administrative access to the BMC operating system who uploaded a specially crafted image.
Vulnerability REsearch
News
Sep 11, 2025
Binarly to Deliver Fourth Consecutive Keynote at LABScon, Unveil New Research on Firmware Trust Failures
Binarly, the industry leader in software and firmware supply‑chain security, will take the keynote day stage at LABScon for the fourth year in a row, reinforcing the company's role as a go-to source for groundbreaking technical research at one of the cybersecurity industry's premier conferences. This year's presentation, Signed and Dangerous: BYOVD Attacks on Secure Boot, presents the first large-scale census of signed UEFI modules, drawn from both public threat intelligence feeds and Binarly's private telemetry.
Vulnerability REsearch, Threat Intelligence
Blog
Jul 2, 2025
Ghost in the Controller: Abusing Supermicro BMC Firmware Verification
Binarly REsearch has investigated alarming vulnerabilities in Supermicro BMC firmware, including a critical signature verification bypass (CVE-2024-10237). These issues provide attackers persistent control beneath the OS level.
Vulnerability REsearch
News
Jun 10, 2025
Binarly Uncovers Pre-Boot Vulnerability Lurking in Millions of PCs, Servers
Binarly's new patent enables environment-aware vulnerability reachability analysis, improving real-world exploitability insights.
Vulnerability REsearch
Blog
Jun 10, 2025
Another Crack in the Chain of Trust: Uncovering (Yet Another) Secure Boot Bypass
Binarly uncovers CVE-2025-3052: a Secure Boot bypass affecting most UEFI devices, enabling attackers to run unsigned code before OS load.
Vulnerability REsearch
Blog
Feb 13, 2025
Binarly Tracking Updates for CVE-2024-56161 – A 'High Risk' Microcode Flaw in AMD CPU's
Microcode has always been a crucial component in platform security for the x86 ecosystem. Any vulnerability in microcode leads to significant issues and long-standing side effects across the entire industry. Last week, we witnessed a rare instance of such a vulnerability highlighting potential gaps in AMD's product security practices, prompting industry-wide discussion on the security implications for confidential computing.
Vulnerability REsearch, Threat Intelligence
Blog
Sep 26, 2024
CVE-2024-36435 Deep-Dive: The Year's Most Critical BMC Security Flaw
This vulnerability got our attention for many reasons: firstly, the vendor agreed on the critical impact; and secondly, the nature of the vulnerability, where an unauthenticated user can remotely trigger the code flow with a simple POST request and cause arbitrary code execution via a classic stack overflow (CWE-121).
Vulnerability REsearch
Blog
Sep 19, 2024
Repeatable Failures: Test Keys Used to Sign Production Software…Again?
After discovering PKFail, the Binarly REsearch team went on the hunt for other instances of non-production test keys being used in firmware binaries. In this case, non-production test keys were originally generated by reference implementation vendors sitting at the top of the supply chain and then propagated to downstream vendors which often failed to replace them.
Vulnerability REsearch, Threat Intelligence
Blog
Feb 8, 2024
The Dark Side of UEFI: A Technical Deep-Dive into Cross-Silicon Exploitation
Uncover the UEFI's dark side with a groundbreaking study on Cross-Silicon Exploitation. Explore ARM's impact on UEFI security in this technical dive.
Vulnerability REsearch, Threat Intelligence
Blog
Nov 8, 2023
Dissecting Intel's Explanation of Key Usage in Integrated Firmware Images (IFWI)
Uncover insights into key misuse in integrated firmware images with BINARLY's analysis of Intel's explanation. Discover the impact on the software supply chain.
Threat Intelligence, Vulnerability REsearch
Blog
Oct 3, 2023
Binarly REsearch Uncovers Major Vulnerabilities in Supermicro BMCs
Uncover Major Vulnerabilities in Supermicro BMCs. Dive into hidden attack surfaces and exploits found by BINARLY REsearch in Supermicro BMC IPMI firmware.
Vulnerability REsearch
Blog
Aug 24, 2023
A Fractured Ecosystem: Lingering Vulnerabilities in Reference Code is a Forever Problem
Uncover the challenges of lingering vulnerabilities in reference code within a fractured ecosystem. Learn how these issues impact supply chains.
Vulnerability REsearch, Threat Intelligence
Blog
Apr 3, 2023
Binarly Reports High-Severity AMD Vulnerabilities with Downstream Impact
Discover How BINARLY Reports High Severity AMD Vulnerabilities with Industry Impact | AMD Client Vulnerabilities Revealed - BINARLY Research Team's Findings.
Vulnerability REsearch
Blog
Mar 22, 2023
Scalable Vulnerability Analysis Requires Automation
Discover why scalable vulnerability analysis demands automation. Learn about critical firmware-specific vulnerabilities, like BatonDrop (CVE-2022-21894), affecting Microsoft Windows bootloaders.
Program Analysis, Vulnerability REsearch
News
Jan 9, 2023
Binarly Discloses Multiple Firmware Vulnerabilities in Qualcomm and Lenovo ARM-based Devices
Binarly's REsearch team has led the coordinated disclosure of multiple vulnerabilities in Qualcomm reference code and ARM-based Lenovo devices powered by UEFI firmware. Multiple vendors are affected including Microsoft Surface devices, Samsung, HP, and many others...
Vulnerability REsearch
Blog
Jan 9, 2023
Multiple Vulnerabilities in Qualcomm and Lenovo ARM-based Devices
Uncover the latest ARM device vulnerabilities affecting Qualcomm and Lenovo. BINARLY's detailed exploration of CVE-2022-3430 and CVE-2022-3431 issues.
Vulnerability REsearch
Blog
Dec 20, 2022
efiXplorer: Hunting UEFI Firmware NVRAM Vulnerabilities
Explore UEFI firmware vulnerabilities with efiXplorer v5.2 [Xmas Edition]. Enhance your code analysis and SMM call-out detection capabilities. Upgrade now!
Program Analysis, Vulnerability REsearch
Blog
Dec 8, 2022
Firmware Patch Deep-Dive: Lenovo Patches Fail to Fix Underlying Vulnerabilities
Uncover the ongoing security risks in Lenovo's firmware patches. Explore why CVE-2022-3430 and CVE-2022-3431 remain unaddressed despite official disclosure.
Vulnerability REsearch
Blog
Nov 17, 2022
OpenSSL Usage in UEFI Firmware Exposes Weakness in SBOMs
Uncover vulnerabilities in UEFI firmware with insights on OpenSSL updates & SBOMs. Discover the impact on supply chain security. Stay informed.
Vulnerability REsearch, Threat Intelligence
Blog
Oct 4, 2022
LABScon 2022: Binarly Discloses High-Impact Firmware Vulnerabilities In Insyde-Based Devices
Discover high-impact firmware vulnerabilities in Insyde-based devices in the 2022 LABScon report. Learn more about these critical findings today.
Vulnerability REsearch
Blog
Sep 12, 2022
Binarly Discovers Multiple High-Severity Vulnerabilities in AMI-based Devices
Unlocking the Secrets: BINARLY Reveals High Severity Vulnerabilities in AMI Based Devices. Explore our eye-opening research findings now!
Vulnerability REsearch
Blog
Sep 8, 2022
Binarly Finds Six High Severity Firmware Vulnerabilities in HP Enterprise Devices
Discover how BINARLY uncovered 6 critical firmware vulnerabilities in HP Enterprise devices. Insights on the latest security findings await you.
Vulnerability REsearch
Blog
Sep 7, 2022
Using Symbolic Execution to Detect UEFI Firmware Vulnerabilities
Discover how symbolic execution uncovers UEFI firmware vulnerabilities with BINARLY's expert efiXplorer team. Elevate your bug detection game today!
Program Analysis, Vulnerability REsearch
Blog
Aug 16, 2022
Black Hat 2022: The Intel PPAM attack story
Discover the dark world of firmware vulnerabilities and persistent cyber threats with Black Hat 2022. Unveiling the Intel PPAM attack story and more!
Vulnerability REsearch, Threat Intelligence
Blog
Mar 21, 2022
Repeatable Failures: AMI UsbRt - Six Years Later, Firmware Attack Vector Still Affect Millions of Enterprise Devices
Discover how BINARLY's Research Team is boosting enterprise device security with coordinated disclosures. Stay informed on patching Dell BIOS vulnerabilities.
Vulnerability REsearch, Threat Intelligence