CVE's
Over the years, my security research projects have led to the discovery of a total of 68 CVE’s, all of which were classified as Zero-Day vulnerabilities.
For more information, refer to my LinkedIn profile.
| CVE Number | Description | Severity | Affected Software | Date Disclosure |
|---|---|---|---|---|
| CVE-2025-1913 | Authenticated (Admin+) PHP Object Injection | High (7.2) | Product Import Export for WooCommerce By WebToffee | 3/25/2025 |
| CVE-2025-1912 | Server-Side Request Forgery | High (7.6) | Product Import Export for WooCommerce By WebToffee | 3/25/2025 |
| CVE-2025-1911 | Directory Traversal to Authenticated Limited Arbitrary File Deletion | Low (2.7) | Product Import Export for WooCommerce By WebToffee | 3/25/2025 |
| CVE-2025-1769 | Directory Traversal to Authenticated Limited Arbitrary File Read | Medium (4.9) | Product Import Export for WooCommerce By WebToffee | 3/25/2025 |
| CVE-2025-1973 | Directory Traversal to Authenticated Limited Arbitrary File Read | Medium (4.9) | Export and Import Users and Customers By WebToffee | 3/21/2025 |
| CVE-2025-1972 | Directory Traversal to Authenticated Limited Arbitrary File Deletion | Low (2.7) | Export and Import Users and Customers By WebToffee | 3/21/2025 |
| CVE-2025-1971 | Authenticated (Admin+) PHP Object Injection | High (7.2) | Export and Import Users and Customers By WebToffee | 3/21/2025 |
| CVE-2025-1970 | Authenticated (Administrator+) Server-Side Request Forgery | High (7.6) | Export and Import Users and Customers By WebToffee | 3/21/2025 |
| CVE-2024-13920 | Directory Traversal to Authenticated Limited Arbitrary File Read | Medium (4.9) | Order Export & Order Import for WooCommerce By WebToffee | 3/19/2025 |
| CVE-2024-13921 | Authenticated (Admin+) PHP Object Injection | High (7.2) | Order Export & Order Import for WooCommerce By WebToffee | 3/19/2025 |
| CVE-2024-13922 | Directory Traversal to Authenticated Limited Arbitrary File Deletion | Low (2.7) | Order Export & Order Import for WooCommerce By WebToffee | 3/19/2025 |
| CVE-2024-13923 | Authenticated (Administrator+) Server-Side Request Forgery | High (7.6) | Order Export & Order Import for WooCommerce By WebToffee | 3/19/2025 |
| CVE-2024-12309 | Unauthenticated Insecure Direct Object Reference | Medium (5.3) | Star Rating Plugin by FeedbackWP | 12/12/2024 |
| CVE-2024-26156 | Reflected cross-site scripting vulnerability in the method parameter | Medium (4.8) | ETIC Telecom Remote Access Server (RAS) | 12/3/2024 |
| CVE-2024-26157 | Reflected cross-site scripting vulnerability in get view method under view parameter | Medium (5.3) | ETIC Telecom Remote Access Server (RAS) | 12/3/2024 |
| CVE-2024-26154 | Reflected cross-site scripting vulnerability in the appliance site name | Medium (4.8) | ETIC Telecom Remote Access Server (RAS) | 12/3/2024 |
| CVE-2024-26155 | Cleartext transmission of sensitive information in the web portal | Medium (6.1) | ETIC Telecom Remote Access Server (RAS) | 12/3/2024 |
| CVE-2024-26153 | Cross-site request forgery vulnerability lead to denial of service | Medium (6.3) | ETIC Telecom Remote Access Server (RAS) | 12/3/2024 |
| CVE-2023-3453 | INSECURE DEFAULT INITIALIZATION OF RESOURCE | High (7.1) | ETIC Telecom Remote Access Server (RAS) | 7/27/2023 |
| CVE-2022-3703 | INSUFFICIENT VERIFICATION OF DATA AUTHENTICITY | High (7.6) | ETIC Telecom Remote Access Server (RAS) | 7/27/2023 |
| CVE-2022-41607 | IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL’) | Medium (6.2) | ETIC Telecom Remote Access Server (RAS) | 7/27/2023 |
| CVE-2022-40981 | UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS | Medium (5.9) | ETIC Telecom Remote Access Server (RAS) | 7/27/2023 |
| CVE-2021-38470 | OS Command Injection (RCE) | Critical (9.1) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38478 | OS Command Injection (RCE) | Critical (9.1) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38472 | Improper Restriction Of Rendered | Medium (4.7) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38486 | Improper Authorization | High (8.0) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38480 | Cross-Site Request Forgery (CSRF) | Critical (9.6) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38464 | Inadequate Encryption Strength | Medium (6.4) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38474 | Improper Restriction Of Excessive Authentication Attempts | Medium (6.3) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38484 | Unrestricted Upload Of File With Dangerous Type | Critical (9.1) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38466 | Cross-Site Scripting (XSS) | Medium (8.8) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38482 | Cross-Site Scripting (XSS) | Medium (8.7) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38468 | Cross-Site Scripting (XSS) | Medium (8.7) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38476 | Observable Response Discrepancy | Medium (6.5) | InHand IR615 Router | 10/19/2021 |
| CVE-2021-38462 | Weak Password Requirements | Critical (9.8) | InHand IR615 Router | 10/19/2021 |
| CVE-2020-35557 | Improper Privilege Management | Medium (6.5) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-12527 | Improper Privilege Management | Medium (6.5) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-12528 | Improper Privilege Management | Medium (6.5) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35570 | Files or Directories Accessible to External Parties | Medium (5.3) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35558 | Server-Side Request Forgery (SSRF) | Medium (5.8) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-12529 | Server-Side Request Forgery (SSRF) | Medium (5.8) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35560 | Open Redirect | Medium (4.3) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-12530 | Cross Site Scripting (XSS) | Medium (4.3) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35563 | Cross Site Scripting (XSS) | Low (3.5) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35564 | Cross Site Scripting (XSS) | Medium (4.3) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35569 | Cross Site Scripting (XSS) | Low (3.3) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35566 | Local File Inclusion (LFI) | Medium (5.3) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35559 | Denial Of Service (DOS) | Medium (4.3) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35568 | Sensitive Information Disclosure | Medium (4.3) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35567 | Shared Password | High (7.8) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35565 | Insecure Default Initialization of Resource | Medium (5.9) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-35561 | Server-Side Request Forgery (SSRF) | Medium (5.8) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-10384 | Improper Privilege Management | High (7.8) | mbCONNECT24, mymbCONNECT24 | 03/02/2021 |
| CVE-2020-11641 | Local File Inclusion Vulnerability | High (7.7) | B&R Industrial Automation, SiteManager | 09/29/2020 |
| CVE-2020-11642 | Denial of Service via Local File Inclusion Vulnerability | High (7.7) | B&R Industrial Automation, SiteManager | 09/29/2020 |
| CVE-2020-11643 | Information Disclosure Vulnerability | Medium (6.5) | B&R Industrial Automation, SiteManager, GateManager | 09/29/2020 |
| CVE-2020-11644 | Audit Message Spoofing Vulnerability | Medium (6.5) | B&R Industrial Automation, SiteManager, GateManager | 09/29/2020 |
| CVE-2020-11645 | Denial of Service Vulnerability | Medium (6.5) | B&R Industrial Automation, SiteManager, GateManager | 09/29/2020 |
| CVE-2020-11646 | Log Information Disclosure Vulnerability | Medium (4.3) | B&R Industrial Automation, SiteManager, GateManager | 09/29/2020 |
| CVE-2020-24570 | Server-Side Request Forgery | High (8.8) | mbCONNECT24, mymbCONNECT24 | 09/30/2020 |
| CVE-2020-24569 | Blind SQL injection | High (7.1) | mbCONNECT24, mymbCONNECT24 | 09/30/2020 |
| CVE-2020-24568 | Blind SQL injection | High (7.1) | mbCONNECT24, mymbCONNECT24 | 09/30/2020 |
| N/A | Unauthenticated Remote Code Execution | Critical (9.8) | mbCONNECT24, mymbCONNECT24 | 09/30/2020 |
| CVE-2017-13713 | Execution of Arbitrary Code | High (8.8) | T&W WIFI Repeater BE126 | 09/07/2017 |
| CVE-2017-8770 | Local File Inclusion Vulnerability | High (7.5) | T&W WIFI Repeater BE126 | 09/20/2017 |
| CVE-2017-8771 | Use of Hard-coded Credentials | Critical (9.8) | T&W WIFI Repeater BE126 | 09/20/2017 |
| CVE-2017-8772 | Use of Hard-coded Credentials | Critical (9.8) | T&W WIFI Repeater BE126 | 09/20/2017 |
| CVE-2013-3633 | Authorization Bypass | High (7.6) | Siemens Scalance X-200 | 12/10/2019 |
Media Publications
-
Critical Flaws Discovered in Popular Industrial Remote Access Systems
-
InHand Router Flaws Could Expose Many Industrial Companies to Remote Attacks
-
CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software
-
Security gaps found in MBConnect’s industrial remote access offering
-
FLAWS IN LEADING INDUSTRIAL REMOTE ACCESS SYSTEMS ALLOW DISRUPTION OF OPERATIONS
Bug Bounty Program Profiles
- Wordfence Bug Bounty - Researcher Profile - As of March 2025, I am ranked 225th on the All-Time Leaderboard with 13 All-Time Discoveries.