These components involve many vulnerabilities, some of which are
listed here.
• Firmware
  • Ability to modify firmware.
  • Insecure signature and integrity verification.
  • Hard-coded sensitive values in the firmware: API keys, passwords, staging URLs, and so on.
  • Private certificates.
  • Ability to understand the entire functionality of the device through the firmware.
  • File system extraction from the firmware.
  • Outdated components with known vulnerabilities.
• Mobile applications
  • Reverse engineering the mobile app.
  • Dumping source code of the mobile app.
  • Insecure authentication and authorization checks.
  • Business and logic flaws.
  • Side channel data leakage.
  • Runtime manipulation attacks.
  • Insecure network communication.
  • Outdated third-party libraries and software development kits (SDKs).
• Web application
  • Client-side injection.
  • Insecure direct object reference.
  • Insecure authentication and authorization.
  • Sensitive data leakage.
  • Business logic flaws.
  • Cross-site request forgery.
  • Cross-site scripting.
That list is only a sample of the vulnerabilities present in these
components, but it should give you an idea of the kinds of issues
that affect them.