22 January 2024 | Taimur Bakhshi, Bogdan Ghita, Ievgenia Kuzminykh
This paper reviews IoT firmware vulnerabilities and auditing techniques, highlighting the challenges and current state-of-the-art approaches in securing IoT firmware. IoT devices are increasingly prevalent in various domains, but their limited hardware and power capabilities pose significant security challenges. Firmware vulnerabilities, often overlooked during development and deployment, are a major concern, as they can be exploited to compromise device functionality and security. The paper discusses the importance of auditing IoT firmware to identify and mitigate these vulnerabilities, covering system properties, access controls, hardware and software re-use, network interfacing, image management, user awareness, regulatory compliance, and adversarial vectors. It also explores the efficiency and scalability of auditing techniques for detecting firmware vulnerabilities, as well as the effectiveness of existing tools and methods. The paper reviews the latest firmware architectures and evaluation platforms, emphasizing technical, regulatory, and standardization challenges. It also discusses the application of machine learning and blockchain technologies in securing IoT firmware. The paper proposes a taxonomy of vulnerabilities and maps them with their exploitation vectors and auditing tools. It concludes with a summary of ongoing and future research challenges in IoT firmware to support secure IoT development. The paper provides a comprehensive overview of existing firmware security efforts, highlighting the causes of insecurity and the available techniques for security auditing and their efficacy. It also discusses the limitations of current auditing techniques and recommendations for improving scalability, coverage, support, and automation. The paper emphasizes the need for a holistic approach to firmware security, considering the design, development, and management of IoT devices, as well as the access and operational characteristics of the ecosystem. 
The paper also discusses the impact of domain limitations on firmware security and the challenges of regulatory compliance in IoT systems. Overall, the paper aims to provide a comprehensive understanding of IoT firmware vulnerabilities and auditing techniques, supporting future research and development in secure IoT systems.