CVEs

Over the years, I’ve discovered numerous CVEs through my security research projects, some of which are considered zero-day vulnerabilities.

For more information, refer to my LinkedIn profile.

| CVE Number | Description | Severity | Affected Software | Disclosure Date |
|---|---|---|---|---|
| CVE-2023-3453 | INSECURE DEFAULT INITIALIZATION OF RESOURCE | High (7.1) | ETIC Telecom Remote Access Server (RAS) | 7/27/2023 |
| CVE-2022-3703 | INSUFFICIENT VERIFICATION OF DATA AUTHENTICITY | High (7.6) | ETIC Telecom Remote Access Server (RAS) | 7/27/2023 |
| CVE-2022-41607 | IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL’) | Medium (6.2) | ETIC Telecom Remote Access Server (RAS) | 7/27/2023 |
| CVE-2022-40981 | UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS | Medium (5.9) | ETIC Telecom Remote Access Server (RAS) | 7/27/2023 |
| CVE-2021-38470 | OS Command Injection (RCE) | Critical (9.1) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38478 | OS Command Injection (RCE) | Critical (9.1) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38472 | Improper Restriction Of Rendered | Medium (4.7) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38486 | Improper Authorization | High (8.0) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38480 | Cross-Site Request Forgery (CSRF) | Critical (9.6) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38464 | Inadequate Encryption Strength | Medium (6.4) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38474 | Improper Restriction Of Excessive Authentication Attempts | Medium (6.3) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38484 | Unrestricted Upload Of File With Dangerous Type | Critical (9.1) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38466 | Cross-Site Scripting (XSS) | Medium (8.8) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38482 | Cross-Site Scripting (XSS) | Medium (8.7) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38468 | Cross-Site Scripting (XSS) | Medium (8.7) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38476 | Observable Response Discrepancy | Medium (6.5) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38462 | Weak Password Requirements | Critical (9.8) | InHand IR615 Router | 10/19/2021 |
| CVE-2020-35557 | Improper Privilege Management | Medium (6.5) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-12527 | Improper Privilege Management | Medium (6.5) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-12528 | Improper Privilege Management | Medium (6.5) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35570 | Files or Directories Accessible to External Parties | Medium (5.3) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35558 | Server-Side Request Forgery (SSRF) | Medium (5.8) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-12529 | Server-Side Request Forgery (SSRF) | Medium (5.8) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35560 | Open Redirect | Medium (4.3) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-12530 | Cross Site Scripting (XSS) | Medium (4.3) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35563 | Cross Site Scripting (XSS) | Low (3.5) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35564 | Cross Site Scripting (XSS) | Medium (4.3) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35569 | Cross Site Scripting (XSS) | Low (3.3) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35566 | Local File Inclusion (LFI) | Medium (5.3) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35559 | Denial Of Service (DOS) | Medium (4.3) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35568 | Sensitive Information Disclosure | Medium (4.3) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35567 | Shared Password | High (7.8) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35565 | Insecure Default Initialization of Resource | Medium (5.9) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35561 | Server-Side Request Forgery (SSRF) | Medium (5.8) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-10384 | Improper Privilege Management | High (7.8) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-11641 | Local File Inclusion Vulnerability | High (7.7) | B&R Industrial Automation, SiteManager | 09/29/2020 |
| CVE-2020-11642 | Denial of Service via Local File Inclusion Vulnerability | High (7.7) | B&R Industrial Automation, SiteManager | 09/29/2020 |
| CVE-2020-11643 | Information Disclosure Vulnerability | Medium (6.5) | B&R Industrial Automation, SiteManager, GateManager | 09/29/2020 |
| CVE-2020-11644 | Audit Message Spoofing Vulnerability | Medium (6.5) | B&R Industrial Automation, SiteManager, GateManager | 09/29/2020 |
| CVE-2020-11645 | Denial of Service Vulnerability | Medium (6.5) | B&R Industrial Automation, SiteManager, GateManager | 09/29/2020 |
| CVE-2020-11646 | Log Information Disclosure Vulnerability | Medium (4.3) | B&R Industrial Automation, SiteManager, GateManager | 09/29/2020 |
| CVE-2020-24570 | Server-Side Request Forgery | High (8.8) | mbCONNECT24, mymbCONNECT24 | 09/30/2020 |
| CVE-2020-24569 | Blind SQL injection | High (7.1) | mbCONNECT24, mymbCONNECT24 | 09/30/2020 |
| CVE-2020-24568 | Blind SQL injection | High (7.1) | mbCONNECT24, mymbCONNECT24 | 09/30/2020 |
| N/A | Unauthenticated Remote Code Execution | Critical (9.8) | mbCONNECT24, mymbCONNECT24 | 09/30/2020 |
| CVE-2017-13713 | Execution of Arbitrary Code | High (8.8) | T&W WIFI Repeater BE126 | 09/07/2017 |
| CVE-2017-8770 | Local File Inclusion Vulnerability | High (7.5) | T&W WIFI Repeater BE126 | 09/20/2017 |
| CVE-2017-8771 | Use of Hard-coded Credentials | Critical (9.8) | T&W WIFI Repeater BE126 | 09/20/2017 |
| CVE-2017-8772 | Use of Hard-coded Credentials | Critical (9.8) | T&W WIFI Repeater BE126 | 09/20/2017 |
| CVE-2013-3633 | Authorization Bypass | High (7.6) | Siemens Scalance X-200 | 12/10/2019 |

Media Publications

  1. Critical Flaws Discovered in Popular Industrial Remote Access Systems

  2. InHand Router Flaws Could Expose Many Industrial Companies to Remote Attacks

  3. CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software

  4. Security gaps found in MBConnect’s industrial remote access offering

  5. FLAWS IN LEADING INDUSTRIAL REMOTE ACCESS SYSTEMS ALLOW DISRUPTION OF OPERATIONS