Devices should have anti-rollback mechanisms that prevent their firmware from being downgraded to older versions.
CWE-693: Protection Mechanism Failure. The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Algorithm Downgrade. A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties.
OWASP-ASVS v4.0.1 Appendix C: Internet of Things Verification Requirements. (C.22) Verify that the device cannot be downgraded to old versions (anti-rollback) of valid firmware.
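As an added illustration of the requirement (not code from the original page or from any vendor), the following C sketch shows a bootloader-style update check that enforces anti-rollback: the image is authenticated first, then its security version is compared against a stored monotonic minimum, which only ever ratchets upward. The header layout, the `FW_MAGIC` value and the XOR tag standing in for a real signature are constructed assumptions for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical image header; security_version is the anti-rollback counter the
 * vendor increments on every release that fixes a vulnerability. */
typedef struct { uint32_t magic; uint32_t security_version; } fw_header_t;
#define FW_MAGIC 0x46574852u /* constructed marker value */
/* Simulated replay-protected counter. On real hardware it lives in OTP fuses,
 * an RPMB partition or a TPM NV index so an attacker cannot lower it. */
static uint32_t nv_min_security_version = 0;
typedef enum { FW_ACCEPT, FW_REJECT_BAD_HEADER, FW_REJECT_BAD_SIG, FW_REJECT_ROLLBACK } fw_verdict_t;

/* Stand-in for signature verification (a real bootloader checks the vendor's signature
 * over the whole image): last byte must equal the XOR of all preceding bytes. */
static bool signature_ok(const uint8_t *image, size_t len) {
    uint8_t acc = 0;
    for (size_t i = 0; i + 1 < len; i++) acc ^= image[i];
    return acc == image[len - 1];
}

fw_verdict_t fw_check_update(const uint8_t *image, size_t len) {
    fw_header_t hdr;
    if (len < sizeof hdr + 1) return FW_REJECT_BAD_HEADER;
    memcpy(&hdr, image, sizeof hdr);
    if (hdr.magic != FW_MAGIC) return FW_REJECT_BAD_HEADER;
    /* Authenticate before trusting any header field, the version included. */
    if (!signature_ok(image, len)) return FW_REJECT_BAD_SIG;
    /* Anti-rollback: an older image is refused even with a valid signature. */
    if (hdr.security_version < nv_min_security_version) return FW_REJECT_ROLLBACK;
    return FW_ACCEPT;
}

/* Called only after the accepted image is fully written: the counter ratchets up, never down. */
void fw_commit_update(uint32_t installed_version) {
    if (installed_version > nv_min_security_version) nv_min_security_version = installed_version;
}

/* Builds a constructed test image for the given version; tamper corrupts the tag. */
size_t fw_build_image(uint8_t *buf, uint32_t version, bool tamper) {
    fw_header_t hdr = { FW_MAGIC, version };
    memcpy(buf, &hdr, sizeof hdr);
    uint8_t acc = 0;
    for (size_t i = 0; i < sizeof hdr; i++) acc ^= buf[i];
    buf[sizeof hdr] = tamper ? (uint8_t)(acc ^ 0xFF) : acc;
    return sizeof hdr + 1;
}
```

Reinstalling the currently committed version is still accepted (equal versions pass), which is the usual behaviour so that a device can re-flash the image it already runs.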