CVE-2024-45682
published 2024-09-17

CVE-2024-45682: There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.

Priority P265 · critical · 9.8 CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.02% (78.5th percentile)

Affected (2 ranges)

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| millbeck | proroute_h685t-w_firmware | | |
| millbeck_communications | proroute_h685t-w | | |

Detection & IOCs (extracted from sources)

  • Target device is Millbeck Communications Proroute H685t-w Version 3.2.334 — a 4G router. Detect exploitation attempts targeting its web management interface for command injection (CWE-77) by authenticated low-privileged users.
  • CVE-2024-45682 is remotely exploitable with low attack complexity and requires only low privileges (CVSS vector AV:N/AC:L/PR:L/UI:N). Monitor for authenticated web requests to the Proroute H685t-w management interface containing shell metacharacters or command separators in user-supplied fields.
  • Affected product version is 3.2.334. Inventory and flag any Proroute H685t-w devices running firmware below 3.2.335 as unpatched and at risk.
  • No known public exploitation has been reported at time of advisory publication. No specific exploit code, payloads, or IOCs (hashes, IPs, domains, URLs) were disclosed in the available sources.