Firmware extraction and reverse engineering - Hardcoded credentials and encryption keys - Command injection in firmware update mechanisms - Unencrypted or unsigned firmware updates - Backdoor accounts and debug interfaces