Firmware is hardware-level software stored permanently in devices, controlling their basic functions — e.g., BIOS/UEFI in PCs, operating software in routers, printers, cameras, and IoT devices.
Firmware vulnerabilities are particularly critical because they operate below the operating system and are often undetected by conventional security software. Firmware updates (flashing) close these gaps but are neglected in many organizations. A comprehensive patch management program must include firmware. Secure boot mechanisms ensure that only signed firmware is executed. Asset inventories should document firmware versions to track patch status.