The fast usage of Internet of Things (IoT) device in industrial and consumer settings has dramatically expanded on the attack surface of embedded systems. This paper explores firmware security through reverse engineering and analysis of a firmware image of an IoT style with two open-source tools: Binwalk and Ghidra. An artificial representation of the structure of typical Linux-based IoT firmware was produced by a controlled firmware image which had a SquashFS file system and compiled binaries. Embedded file systems and binaries were extracted using Binwalk and Ghidra was used to do the static analysis and decompilation of extracted executable files. The vulnerability analysis showed that there are a number of deliberately introduced security flaws such as hard-coded credentials, unsecured input handling functions and insecure configuration practices. The success of the method was shown by the successful recovery of the firmware filesystem and detection of these types of vulnerabilities with the help of the strict reverse-engineering tool. The paper shows the possible contribution of open-source tools to the analysis of firmware-level vulnerabilities and enhancing security testing of embedded IoT systems.