Scope
We analyzed four firmware families used in remote management interfaces. The focus is on client validation when proxies are present.
Validation paths
Two images short-circuit validation when the CN field is missing, while others perform partial chain checks.
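    int validate_cert(cert_t *cert) {
        // Missing CN returns success before the chain or hostname is checked (bypass)
        if (!cert->common_name) return 1;
        // Chain check is reached only when a CN is present
        if (!cert->chain_valid) return 0;
        return hostname_match(cert->common_name);
    }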
Do not rely on out-of-band interfaces as a trusted channel when certificate validation is optional.
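The following is an added example, not code from the analyzed firmware: it places the logic shown above next to a fail-closed variant and counts the inputs on which the two disagree. The cert_t layout, the exact-match hostname_match() stand-in, the expected host name and the sample certificates are all assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: the page shows only these two fields of cert_t. */
typedef struct {
    const char *common_name; /* NULL when the certificate has no CN */
    int chain_valid;         /* result of the chain check, 1 = valid */
} cert_t;

/* Hypothetical stand-in for the firmware's hostname_match(); the expected
   name is a constructed value and the comparison is exact for brevity. */
static const char *expected_host = "bmc.example.internal";
static int hostname_match(const char *name) {
    return strcmp(name, expected_host) == 0;
}

/* Logic as shown on the page: a missing CN returns success. */
int validate_cert_as_found(const cert_t *cert) {
    if (!cert->common_name) return 1;
    if (!cert->chain_valid) return 0;
    return hostname_match(cert->common_name);
}

/* Fail-closed variant: every path to 1 passes chain and name checks. */
int validate_cert_strict(const cert_t *cert) {
    if (cert == NULL || !cert->chain_valid) return 0;
    if (cert->common_name == NULL || cert->common_name[0] == '\0') return 0;
    return hostname_match(cert->common_name);
}

/* Number of cases on which the two versions disagree. */
int count_divergent(const cert_t *cases, size_t n) {
    int d = 0;
    for (size_t i = 0; i < n; i++)
        d += validate_cert_as_found(&cases[i]) != validate_cert_strict(&cases[i]);
    return d;
}

int main(void) {
    /* Constructed inputs: valid, wrong name, broken chain, no CN twice. */
    const cert_t cases[] = {
        {"bmc.example.internal", 1}, {"other.example.internal", 1},
        {"bmc.example.internal", 0}, {NULL, 1}, {NULL, 0},
    };
    size_t n = sizeof cases / sizeof cases[0];
    printf("divergent cases: %d of %zu\n", count_divergent(cases, n), n);
    return 0;
}
```

The two versions differ only on certificates without a CN, including one whose chain check failed, which makes the comparison usable as a regression check when a validation routine is patched.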
Mitigation guidance
Terminate remote management access through a controlled jump host and enforce explicit pinning where supported.