Publications

CVEs discovered, research publications, and security disclosures from my work in vulnerability research and security engineering.

CVE Discoveries

CVE-2019-5071 HIGH (7.8)

Tenda AC9 Router Command Injection Vulnerability (DNS1 Parameter)

Command injection vulnerability in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Router. A specially crafted HTTP POST request can cause command injection in the DNS1 POST parameter, resulting in code execution.

CVE-2019-5072 HIGH (7.8)

Tenda AC9 Router Command Injection Vulnerability (DNS2 Parameter)

Command injection vulnerability in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Router. A specially crafted HTTP POST request can cause command injection in the DNS2 POST parameter, resulting in code execution.

Conference Talks

Conference talks and presentations coming soon...

Open Source Contributions