
Security for Connected Devices

Telecom & Networking Product Security

The EU Cyber Resilience Act (CRA) tightens requirements for network product security — and the reason is built into the products themselves. Routers, switches, gateways, and CPE run for a decade or more in critical environments, where one vulnerable firmware build or outdated component becomes a long-term OEM liability. 

Promwad helps telecom and networking product teams identify and fix security weaknesses in connected devices. With 21+ years of embedded engineering and 100+ engineers, we work from inside the device — analyzing hardware, firmware, SBOM/CVE exposure, protocols, and attack surface. 

Network equipment security for telecom OEMs

✓ Routers & switches
✓ Gateways & CPE
✓ Network appliances
✓ Industrial network equipment

Why Network Equipment Security Matters

Telecom and networking products are connected, long-lifecycle devices that are typically deployed and forgotten — across geographies, with limited remote upgrade options and even more limited operator visibility. That deployment profile poses cybersecurity risks: 

  • Vulnerable firmware running on aging code paths 
  • Outdated or unpatched third-party packages with known CVEs 
  • Exposed management interfaces — SSH, Telnet, web UIs, SNMP — reachable from untrusted networks 
  • Weak or unsigned update mechanisms that allow rollback or untrusted firmware 
  • Insecure default configurations and credential reuse 
  • Insufficient role separation and access control inside the device 
  • Protocol-level weaknesses in network and management stacks 
  • Insecure boot chains and unprotected debug interfaces 

Under the EU Cyber Resilience Act (CRA), Regulation (EU) 2024/2847, secure-by-design product engineering, SBOM practices, and secure update mechanisms are becoming an expected baseline for connected products placed on the European market.

Got a network product to assess?
Let's scope the audit together.

Denis Petronenko, Head of Telecommunications Unit at Promwad

What We Assess in Telecom Products

Promwad reviews network equipment from the perspective of embedded and product engineering. Our team examines how hardware, firmware, operating system components, interfaces, update mechanisms, protocols, and third-party software combine to define your device's actual attack surface. 

Assessment areas: 

  • Hardware architecture and debug interfaces
  • Boot chain and firmware update mechanisms
  • Management interfaces and exposed services
  • SBOM and known exploitable vulnerabilities
  • CVE relevance mapped to actual product context
  • Device configuration and access control logic
  • Network protocols and data flows
  • Firmware structure, embedded Linux components, and third-party packages
  • Attack surface across routers, switches, gateways, and customer premises equipment (CPE)

Audit Scope

Hardware Review

 

We start at the board. Our hardware engineers review the architecture, identify exposed and debug interfaces, and assess physical access risks that affect the device's trust assumptions. 

Typical hardware review activities: 

  • Review of schematics, PCB layout, and reference design adherence 
  • Inventory of debug interfaces such as JTAG, SWD, UART, and unused test points 
  • Assessment of storage, memory protection, and access to non-volatile assets 
  • Evaluation of secure element and TPM (platform crypto module) usage
  • Review of platform features that may expand the attack surface
  • Physical access risk assessment: tamper paths and externally accessible signals

Outcome: a clear picture of which hardware-level conditions either enable or contain higher-layer attacks. 

 

Firmware and Software Analysis

 

Most realistic attacks against network equipment land in firmware. We analyze the firmware architecture, inspect the boot and update logic, and review the embedded software stack and third-party components against modern threat expectations.

Firmware security analysis covers: 

  • Firmware structural analysis 
  • Embedded Linux, OpenWRT, prplOS, or RTOS-based component review 
  • Bootloader, boot chain integrity, and signing verification logic 
  • Firmware update mechanisms, rollback handling, and recovery paths 
  • Third-party packages, open-source dependencies, and version exposure 
  • Credential exposure, hardcoded secrets, and key management 
  • Known vulnerabilities affecting the firmware stack as deployed 

Outcome: a structured view of firmware-level risk that maps directly to fix work.

SBOM and CVE Analysis

 

A list of CVEs is not a security assessment. SBOM and CVE analysis is only useful when it answers a single question: which of these vulnerabilities actually matter for this product, in this configuration, in this release. 

SBOM/CVE work includes:

  • SBOM generation or review in standard formats such as SPDX and CycloneDX 
  • Mapping of CVEs to actual components present in the firmware build 
  • Prioritization based on real product exposure, not generic CVSS scores 
  • Identification of mitigation pathways — patch, replace, isolate, or configure around 
  • Input into your vulnerability handling and disclosure processes 

This is also where we align findings with CRA-relevant product security expectations — including SBOM practices and structured vulnerability handling — to support CRA compliance work on the product side. 

 

Protocol and Attack Surface Analysis

 

Network products are defined by what they expose. The final block of the audit looks at how the device communicates, what services it offers, and how those services behave when probed. 

Protocol and attack surface analysis covers: 

  • Inventory of open ports, listening services, and management endpoints 
  • Review of management protocols such as SSH, HTTPS, SNMP, NETCONF, and RESTCONF 
  • Authentication logic, credential handling, and session management 
  • Configuration interfaces — web UI, CLI, API surfaces 
  • Analysis of network-facing data flows and trust boundaries 
  • Exposure scoring across LAN, WAN, and management plane interfaces 

Outcome: a concrete attack surface map that engineering teams can use to reduce, segment, or harden.

 

Industries We Serve

Telecommunications

Industrial automation
 

Automotive 

IoT & consumer electronics

Don’t wait for a breach. Protect your systems today!

What Promwad Delivers

We work to leave product teams with material they can act on. Here are our standard audit deliverables: 

  • Written audit report with classified findings and supporting evidence
  • Risk prioritization grounded in product context and deployment model
  • Map of affected components, interfaces, and configurations
  • SBOM and CVE summary with relevance scoring
  • Attack surface overview across hardware, firmware, and protocol layers
  • Remediation recommendations at engineering-actionable resolution
  • Mitigation roadmap aligned with your release planning
  • Engineering support for selected fixes when deeper hands-on work is needed

Promwad delivers engineering material that makes your next firmware release measurably more defensible — not certification, formal compliance sign-off, or accredited audit work. 

Remediation Support From Findings to Fix

A finding is not a fix. After the assessment, Promwad can move with the same team into remediation by implementing changes at the hardware, firmware, and embedded software layers, in the parts of the codebase we already understand.

Remediation activities typically include:

 

  • Reducing exposed interfaces and removing unused services
  • Updating or replacing vulnerable third-party components
  • Improving firmware update logic — signing, verification, rollback protection
  • Strengthening access control, authentication, and session handling
  • Supporting SBOM generation and vulnerability handling in your release pipeline
  • Implementing selected device-level security mechanisms in product firmware
  • Handing off remediation patches and engineering documentation to your team

For broader embedded product security — secure boot, device identity, signed OTA, and secure-by-design engineering across non-network products — see our embedded security services.

Preparing your network product for CRA-era requirements? Let's review where you stand.

Technology Map

Hardware

  • Hardware threat modeling
  • Schematic and PCB review
  • Debug interface inventory: JTAG, UART, SWD
  • Secure boot review
  • Tamper resistance and physical access risk assessment
  • Secure element and TPM usage review (where applicable)

Firmware & Embedded Software

  • Firmware threat modeling
  • SBOM generation and review: SPDX, CycloneDX
  • CVE and CWE analysis
  • Firmware vulnerability scanning
  • Secure update mechanism review: boot chain, signing, rollback protection
  • Third-party component analysis
  • Embedded Linux, OpenWRT, prplOS, and RTOS-based stacks

Network Protocols & Attack Surface

  • Management protocols: SSH, SNMP, NETCONF, RESTCONF
  • Web UI, CLI, and API surfaces
  • Authentication and access control logic
  • Open ports and listening services
  • Configuration interfaces and credential handling
  • Network-facing data flow analysis

Standards & References

  • CWE Most Important Hardware Weaknesses
  • CWE Top 25: firmware and software weaknesses
  • SBOM formats: SPDX, CycloneDX
  • Secure coding: MISRA C, MISRA C++, SEI CERT C
  • Regulatory drivers: EU Cyber Resilience Act (CRA), EU Regulation 2024/2847

Our Case Studies

Router Security Audit: Realtek RTL9615C / OpenWRT, prplOS

Pain. An OEM was preparing a residential and small-business router for shipment into regulated European markets. Internal teams had limited bandwidth to validate the device's product-level security posture against modern expectations for connected network equipment. 

Solution. Promwad performed a network equipment security audit on the router, built on the Realtek RTL9615C platform running OpenWRT and prplOS. The work covered: 

  • Hardware audit including schematic review, PCB analysis, and inventory of unused platform features 
  • Firmware analysis with SBOM generation, CVE identification, and mitigation mapping 
  • Protocol and attack surface analysis across the device's management and data plane interfaces 
  • Targeted security testing against the device firmware 

Result. A prioritized findings list, a remediation roadmap, and engineering-level recommendations mapped to CRA-relevant product security expectations — usable directly by the OEM's firmware team for the next release cycle. 

Industrial Switch Security Audit: Microchip VSC7448YIH-01

Pain. An industrial switch destined for critical infrastructure deployments needed structured security validation before serial production. The product team needed clarity on hardware-level weaknesses, firmware exposure, and network-facing attack paths — at a level of depth that customer due diligence questionnaires were beginning to demand. 

Solution. Promwad delivered an industrial switch security audit on the Microchip VSC7448YIH-01 platform, including: 

  • Hardware audit aligned with CWE Most Important Hardware Weaknesses 
  • Firmware protection work — CVE elimination, SBOM generation, and CWE Top 25 mitigation 
  • Network security analysis and attack prevention review across the switch's protocols and exposed interfaces 
  • Targeted security testing to validate identified mitigations 

Result. A validated product security posture with remediation completed at the hardware and firmware levels — and audit material the OEM could use directly in customer-facing security questionnaires for industrial deployments. 

Why Promwad

Embedded security is built by embedded engineers. Promwad's product security work is grounded in the same teams that design, prototype, and bring network equipment into production. 

Get a Security Assessment Tailored to Your Network Product

Tell us about the device, the platform, and where it's heading. We'll come back with a scoped audit plan sized to your product context and release schedule.

 

Tell us about your project

We’ll review it carefully and get back to you with the best technical approach.

All information you share stays private and secure — NDA available upon request.

Prefer direct email?
Write to info@promwad.com

Secured call with our expert in 24h

FAQ

What is included in a network equipment security audit?

 

A network equipment security audit at Promwad covers four engineering layers: hardware, including architecture, debug interfaces, and board-level risks; firmware, including image structure, boot and update logic, and third-party components; SBOM and CVE, including component inventory and vulnerability exposure; and protocols and attack surface, including exposed services, management interfaces, and network-facing data flows. The output is a structured findings report, prioritized risks, and concrete remediation recommendations for your product team.
 

How does firmware security analysis differ from general code review?

 

General code review checks code quality, style, and obvious defects in source you control. Firmware security analysis works on the actual binary as deployed, including bootloader behavior, third-party packages, kernel and userspace components, signing and update logic, and known vulnerabilities in everything you did not write. For network products, that is where the real attack surface lives, and it requires firmware-image-level tooling and embedded engineering judgment, not just static analysis on application code.
 

What is SBOM/CVE analysis and why does it matter for telecom products?

 

A Software Bill of Materials, or SBOM, is a structured inventory of every component, open source, third-party, and internal, present in your firmware. CVE analysis maps that inventory to known vulnerabilities and asks the only question that matters: which of these are exploitable in this product, in this configuration, today. Telecom products carry long-lived, network-exposed firmware, often with deep dependency trees, and the EU Cyber Resilience Act formalizes SBOM and vulnerability handling as expected practices. SBOM/CVE analysis turns that requirement into an engineering process.
 

Can Promwad audit a product that is already in production?

 

Yes. We work on both pre-release and shipped products. For deployed devices, the audit also considers field constraints, including what can realistically be patched, what must be mitigated by configuration, and what should be addressed in the next hardware revision. The remediation roadmap is sized to what your installed base will actually allow.
 

How does Promwad support CRA compliance for network equipment?

 

Promwad provides CRA compliance support on the engineering side, including secure-by-design review of network products, SBOM generation and process integration, structured vulnerability handling input, secure update mechanism review, and remediation work to close gaps identified during assessment. We position this as implementation-oriented support for product teams. Formal CRA conformity assessment, certification, and independent regulatory sign-off remain the responsibility of the OEM and accredited bodies.
 

How does this service differ from Promwad's Embedded Security services?

 

This page focuses narrowly on telecom and networking products, including routers, switches, gateways, CPE, and network appliances. Our broader Embedded Security services cover cross-domain product security for industrial, IoT, automotive, medical, and other connected devices, including topics such as secure boot architecture, hardware root of trust, device identity, signed OTA, and runtime protection. If your product is a network device, start here. If it is a connected product in another domain, see /services/embedded/security-hardening.