CVE's

Over the years, my security research projects have led to the discovery of a total of 68 CVE’s, all of which were classified as Zero-Day vulnerabilities.

For more information, refer to my LinkedIn profile.

CVE Number	Description	Severity	Affected Software	Date Disclosure
CVE-2025-1913	Authenticated (Admin+) PHP Object Injection	High (7.2)	Product Import Export for WooCommerce By WebToffee	3/25/2025
CVE-2025-1912	Server-Side Request Forgery	High (7.6)	Product Import Export for WooCommerce By WebToffee	3/25/2025
CVE-2025-1911	Directory Traversal to Authenticated Limited Arbitrary File Deletion	Low (2.7)	Product Import Export for WooCommerce By WebToffee	3/25/2025
CVE-2025-1769	Directory Traversal to Authenticated Limited Arbitrary File Read	Medium (4.9)	Product Import Export for WooCommerce By WebToffee	3/25/2025
CVE-2025-1973	Directory Traversal to Authenticated Limited Arbitrary File Read	Medium (4.9)	Export and Import Users and Customers By WebToffee	3/21/2025
CVE-2025-1972	Directory Traversal to Authenticated Limited Arbitrary File Deletion	Low (2.7)	Export and Import Users and Customers By WebToffee	3/21/2025
CVE-2025-1971	Authenticated (Admin+) PHP Object Injection	High (7.2)	Export and Import Users and Customers By WebToffee	3/21/2025
CVE-2025-1970	Authenticated (Administrator+) Server-Side Request Forgery	High (7.6)	Export and Import Users and Customers By WebToffee	3/21/2025
CVE-2024-13920	Directory Traversal to Authenticated Limited Arbitrary File Read	Medium (4.9)	Order Export & Order Import for WooCommerce By WebToffee	3/19/2025
CVE-2024-13921	Authenticated (Admin+) PHP Object Injection	High (7.2)	Order Export & Order Import for WooCommerce By WebToffee	3/19/2025
CVE-2024-13922	Directory Traversal to Authenticated Limited Arbitrary File Deletion	Low (2.7)	Order Export & Order Import for WooCommerce By WebToffee	3/19/2025
CVE-2024-13923	Authenticated (Administrator+) Server-Side Request Forgery	High (7.6)	Order Export & Order Import for WooCommerce By WebToffee	3/19/2025
CVE-2024-12309	Unauthenticated Insecure Direct Object Reference	Medium (5.3)	Star Rating Plugin by FeedbackWP	12/12/2024
CVE-2024-26156	Reflected cross-site scripting vulnerability in the method parameter	Medium (4.8)	ETIC Telecom Remote Access Server (RAS)	12/3/2024
CVE-2024-26157	Reflected cross-site scripting vulnerability in get view method under view parameter	Medium (5.3)	ETIC Telecom Remote Access Server (RAS)	12/3/2024
CVE-2024-26154	Reflected cross-site scripting vulnerability in the appliance site name	Medium (4.8)	ETIC Telecom Remote Access Server (RAS)	12/3/2024
CVE-2024-26155	Cleartext transmission of sensitive information in the web portal	Medium (6.1)	ETIC Telecom Remote Access Server (RAS)	12/3/2024
CVE-2024-26153	Cross-site request forgery vulnerability lead to denial of service	Medium (6.3)	ETIC Telecom Remote Access Server (RAS)	12/3/2024
CVE-2023-3453	INSECURE DEFAULT INITIALIZATION OF RESOURCE	High (7.1)	ETIC Telecom Remote Access Server (RAS)	7/27/2023
CVE-2022-3703	INSUFFICIENT VERIFICATION OF DATA AUTHENTICITY	High (7.6)	ETIC Telecom Remote Access Server (RAS)	7/27/2023
CVE-2022-41607	IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL’)	Medium (6.2)	ETIC Telecom Remote Access Server (RAS)	7/27/2023
CVE-2022-40981	UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS	Medium (5.9)	ETIC Telecom Remote Access Server (RAS)	7/27/2023
CVE-2021-38470	OS Command Injection (RCE)	Critical (9.1)	InHand IR615 Router	10/19/2021
CVE-2021-38478	OS Command Injection (RCE)	Critical (9.1)	InHand IR615 Router	10/19/2021
CVE-2021-38472	Improper Restriction Of Rendered	Medium (4.7)	InHand IR615 Router	10/19/2021
CVE-2021-38486	Improper Authorization	High (8.0)	InHand IR615 Router	10/19/2021
CVE-2021-38480	Cross-Site Request Forgery (CSRF)	Critical (9.6)	InHand IR615 Router	10/19/2021
CVE-2021-38464	Inadequate Encryption Strength	Medium (6.4)	InHand IR615 Router	10/19/2021
CVE-2021-38474	Improper Restriction Of Excessive Authentication Attempts	Medium (6.3)	InHand IR615 Router	10/19/2021
CVE-2021-38484	Unrestricted Upload Of File With Dangerous Type	Critical (9.1)	InHand IR615 Router	10/19/2021
CVE-2021-38466	Cross-Site Scripting (XSS)	Medium (8.8)	InHand IR615 Router	10/19/2021
CVE-2021-38482	Cross-Site Scripting (XSS)	Medium (8.7)	InHand IR615 Router	10/19/2021
CVE-2021-38468	Cross-Site Scripting (XSS)	Medium (8.7)	InHand IR615 Router	10/19/2021
CVE-2021-38476	Observable Response Discrepancy	Medium (6.5)	InHand IR615 Router	10/19/2021
CVE-2021-38462	Weak Password Requirements	Critical (9.8)	InHand IR615 Router	10/19/2021
CVE-2020-35557	Improper Privilege Management	Medium (6.5)	mbCONNECT24, mymbCONNECT24	03/02/2021
CVE-2020-12527	Improper Privilege Management	Medium (6.5)	mbCONNECT24, mymbCONNECT24	03/02/2021
CVE-2020-12528	Improper Privilege Management	Medium (6.5)	mbCONNECT24, mymbCONNECT24	03/02/2021
CVE-2020-35570	Files or Directories Accessible to External Parties	Medium (5.3)	mbCONNECT24, mymbCONNECT24	03/02/2021
CVE-2020-35558	Server-Side Request Forgery (SSRF)	Medium (5.8)	mbCONNECT24, mymbCONNECT24	03/02/2021
CVE-2020-12529	Server-Side Request Forgery (SSRF)	Medium (5.8)	mbCONNECT24, mymbCONNECT24	03/02/2021
CVE-2020-35560	Open Redirect	Medium (4.3)	mbCONNECT24, mymbCONNECT24	03/02/2021
CVE-2020-12530	Cross Site Scripting (XSS)	Medium (4.3)	mbCONNECT24, mymbCONNECT24	03/02/2021
CVE-2020-35563	Cross Site Scripting (XSS)	Low (3.5)	mbCONNECT24, mymbCONNECT24	03/02/2021
CVE-2020-35564	Cross Site Scripting (XSS)	Medium (4.3)	mbCONNECT24, mymbCONNECT24	03/02/2021
CVE-2020-35569	Cross Site Scripting (XSS)	Low (3.3)	mbCONNECT24, mymbCONNECT24	03/02/2021
CVE-2020-35566	Local File Inclusion (LFI)	Medium (5.3)	mbCONNECT24, mymbCONNECT24	03/02/2021
CVE-2020-35559	Denial Of Service (DOS)	Medium (4.3)	mbCONNECT24, mymbCONNECT24	03/02/2021
CVE-2020-35568	Sensitive Information Disclosure	Medium (4.3)	mbCONNECT24, mymbCONNECT24	03/02/2021
CVE-2020-35567	Shared Password	High (7.8)	mbCONNECT24, mymbCONNECT24	03/02/2021
CVE-2020-35565	Insecure Default Initialization of Resource	Medium (5.9)	mbCONNECT24, mymbCONNECT24	03/02/2021
CVE-2020-35561	Server-Side Request Forgery (SSRF)	Medium (5.8)	mbCONNECT24, mymbCONNECT24	03/02/2021
CVE-2020-10384	Improper Privilege Management	High (7.8)	mbCONNECT24, mymbCONNECT24	03/02/2021
CVE-2020-11641	Local File Inclusion Vulnerability	High (7.7)	B&R Industrial Automation, SiteManager	09/29/2020
CVE-2020-11642	Denial of Service via Local File Inclusion Vulnerability	High (7.7)	B&R Industrial Automation, SiteManager	09/29/2020
CVE-2020-11643	Information Disclosure Vulnerability	Medium (6.5)	B&R Industrial Automation, SiteManager, GateManager	09/29/2020
CVE-2020-11644	Audit Message Spoofing Vulnerability	Medium (6.5)	B&R Industrial Automation, SiteManager, GateManager	09/29/2020
CVE-2020-11645	Denial of Service Vulnerability	Medium (6.5)	B&R Industrial Automation, SiteManager, GateManager	09/29/2020
CVE-2020-11646	Log Information Disclosure Vulnerability	Medium (4.3)	B&R Industrial Automation, SiteManager, GateManager	09/29/2020
CVE-2020-24570	Server-Side Request Forgery	High (8.8)	mbCONNECT24, mymbCONNECT24	09/30/2020
CVE-2020-24569	Blind SQL injection	High (7.1)	mbCONNECT24, mymbCONNECT24	09/30/2020
CVE-2020-24568	Blind SQL injection	High (7.1)	mbCONNECT24, mymbCONNECT24	09/30/2020
N/A	Unauthenticated Remote Code Execution	Critical (9.8)	mbCONNECT24, mymbCONNECT24	09/30/2020
CVE-2017-13713	Execution of Arbitrary Code	High (8.8)	T&W WIFI Repeater BE126	09/07/2017
CVE-2017-8770	Local File Inclusion Vulnerability	High (7.5)	T&W WIFI Repeater BE126	09/20/2017
CVE-2017-8771	Use of Hard-coded Credentials	Critical (9.8)	T&W WIFI Repeater BE126	09/20/2017
CVE-2017-8772	Use of Hard-coded Credentials	Critical (9.8)	T&W WIFI Repeater BE126	09/20/2017
CVE-2013-3633	Authorization Bypass	High (7.6)	Siemens Scalance X-200	12/10/2019

Media Publications