The Key is...
under the doormat, on the door sill, in the postbox, and under the cute snail in the planter by the front door. In other words, all is secure as long as you don't count the missing back door.
SentinelOne this week detailed a handful of bugs, including two critical remote code execution vulnerabilities, it found in Microsoft Azure Defender for IoT. These security flaws, which took six months to address, could have been exploited by an unauthenticated attacker to compromise devices and take over critical …
Like this gem: "because the "secret" API token needed to do this is shared across all Defender for IoT installations worldwide" and "the UUID parameter is not properly sanitized before being used in an SQL query", which means it is likely stupid dynamic SQL, just concatenating strings together instead of using variables in the query (which also need to be treated with some care) - and this also seems to be the case for several of the honourable mentions further down in the text. And then there is the race condition that bypasses the security check and creates a new root password? That's gold! Sounds like somebody had one of those "great idea" moments (no, I am not immune to those, but even in our small team we do some code reviews, which catch all sorts of stuff).
They owe me a new keyboard. I have learned not to drink coffee when reading the BOFH; apparently I must add "reading about bugs" to the list...
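The difference the comment above draws between concatenated dynamic SQL and query variables, shown as an added example that is not part of the original comment or of the product's code. The table, column and function names are hypothetical, and the rows and the malformed input are constructed.

```python
import sqlite3
import uuid


def make_db():
    # Constructed sample data; schema and names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (uuid TEXT PRIMARY KEY, owner TEXT)")
    db.executemany("INSERT INTO sessions VALUES (?, ?)", [
        ("11111111-1111-4111-8111-111111111111", "alice"),
        ("22222222-2222-4222-8222-222222222222", "bob"),
    ])
    return db


def lookup_concatenated(db, raw_uuid):
    # Dynamic SQL: the caller's string becomes part of the statement text,
    # so quote characters in it change the structure of the query.
    sql = "SELECT owner FROM sessions WHERE uuid = '" + raw_uuid + "'"
    return sorted(row[0] for row in db.execute(sql))


def lookup_bound(db, raw_uuid):
    # The "some care" part: check that the value really is a UUID and
    # normalise it before it goes anywhere near the database.
    try:
        canonical = str(uuid.UUID(raw_uuid))
    except (ValueError, AttributeError, TypeError):
        return []
    # Query variable: the value is bound as data, never parsed as SQL.
    rows = db.execute("SELECT owner FROM sessions WHERE uuid = ?", (canonical,))
    return sorted(row[0] for row in rows)


if __name__ == "__main__":
    db = make_db()
    malformed = "x' OR '1'='1"  # constructed input that is not a UUID
    print("concatenated:", lookup_concatenated(db, malformed))
    print("bound:       ", lookup_bound(db, malformed))
    print("bound, valid:", lookup_bound(db, "11111111-1111-4111-8111-111111111111"))
```
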