Internet of Things Security: A Survey on Common Attacks

📅 2026-05-05
🤖 AI Summary
This study addresses the severe security challenges confronting the Internet of Things (IoT), stemming from resource-constrained devices, the absence of unified standards, and an expanding attack surface. The authors systematically analyze 28 representative attack types and, for the first time, integrate the STRIDE threat modeling framework with the Common Vulnerability Scoring System (CVSS) to establish a fine-grained mapping between these attacks and five underlying vulnerability categories: process, code, communication, operational, and device-level flaws. The work comprehensively reviews existing mitigation techniques while critically exposing their limitations. By offering a structured methodology for IoT threat analysis, this research not only advances theoretical understanding but also lays the groundwork for designing highly resilient security architectures and charting future directions in IoT security.
📝 Abstract
The exponential growth of the Internet of Things (IoT) has integrated connected devices into various sectors like smart cities, digital health, and Industry 4.0, generating vast amounts of real-time data to support intelligent decision-making. However, this widespread adoption is fundamentally challenged by significant security risks, primarily due to the inherent computational limitations of devices, lack of standardization, and an expanding attack surface. Given that security is paramount to ensuring trust in these environments, this paper presents a comprehensive survey and a multi-dimensional analysis of the IoT threat landscape. It describes 28 common attacks, ranging from traditional threats, such as Man-in-the-Middle, to specialized IoT exploits, including node replication and skimming. To provide a structured understanding of these risks, we employ the STRIDE model for functional threat classification alongside the CVSS framework for quantitative criticality assessment. Furthermore, the research establishes a robust mapping between these threats and five foundational vulnerability classes (Process, Code, Communication, Operation, and Device), uncovering the specific technical entry points exploited by adversaries. Beyond threat identification, the survey presents state-of-the-art mitigation techniques and discusses emerging paradigms and research gaps, working as a roadmap for future investigation and providing a consolidated technical foundation for both researchers and practitioners aiming to build resilient and secure IoT ecosystems.
Problem

Research questions and friction points this paper is trying to address.

Internet of Things
Security
Threat Landscape
Attack Surface
Vulnerabilities
Innovation

Methods, ideas, or system contributions that make the work stand out.

IoT security
STRIDE model
CVSS framework
vulnerability mapping
threat classification