Vilo Router 0day Research


From January to August 2024, I led a team of BYU students in discovering 9 vulnerabilities in Vilo 5 Mesh WiFi System routers. All vulnerabilities were issued CVEs, reported to the vendor, and affected the latest version of the firmware at the time (5.16.1.33). These were discovered after evaluating the physical router hardware, firmware and active network services, mobile app code, and cloud infrastructure interactions.

Our team presented our research at IoT Village @ DEFCON 32 and SAINTCON 2024. For more information, we published details of the vulnerabilities, slides from our talks, and some documentation pertaining to the Vilo attack surface on our GitHub: https://github.com/byu-cybersecurity-research/vilo.