Table 2.

Results of IMECA for the Implemented and demonstrated Code Injection Attacks.

No.	Intrusion Mode	Intrusion Effects	Occurrence Probability	Severity	Difficulty	Pivoting Ability	Mitigation Strategies
1	HTML Code Injection	Showing an innocuous message.	High	Low	Low	Low	The use of input validation and sanitization techniques.
2	CSRF Code Injection	Tricking the device into performing actions, the user did not intend to do.	Medium	Medium	Medium	Medium	The use of input validation and sanitization techniques. The use of anti-CSRF tokens. The use of SameSite cookies. Applying the principle of least privilege.
3	SQL Injection	Leading to data theft or manipulation.	High	High	Medium	Medium	The use of input validation and sanitization techniques. The use of parameterized queries or prepared statements. The use of web application firewalls. The use of regular code reviews. Applying the principle of least privilege to database accounts.
4	XSS– DoS Attack	Allowing the attacker to steal the user’s cookies or other sensitive information or even leading to denial-of-service attacks.	High	Medium	Low	Medium	The use of input validation and sanitization techniques. The Implementation of CSP. The use of output encoding. The use of HTTPOnly cookies.
5	XSS– BeEF	Allowing the attacker to steal the user’s cookies or other sensitive information or even leading to further attack vectors.	Medium	High	Medium	High	The use of input validation and sanitization techniques. The Implementation of CSP. The use of output encoding. The use of HTTPOnly cookies.
6	Firmware Backdoor Injection	Giving the attacker full control of the device.	Low	High	High	High	The use of digital signatures to verify the source and integrity of the firmware. The use of cryptographic hashes to ensure the firmware has not been altered. The use of encryption protects the firmware from unauthorized access during transmission.
7	Firmware Command Injection	Allowing the attacker to execute arbitrary commands on the device	Medium	High	High	High	The use of digital signatures to verify the source and integrity of the firmware. The use of cryptographic hashes to ensure the firmware has not been altered. The use of encryption protects the firmware from unauthorized access during transmission. The use of input validation and sanitization techniques.
8	Firmware Script Injection	Allowing the attacker to run malicious code on the device	Low	High	High	High	The use of digital signatures to verify the source and integrity of the firmware. The use of cryptographic hashes to ensure the firmware has not been altered. The use of encryption protects the firmware from unauthorized access during transmission. The use of input validation and sanitization techniques.