CVE-2024-45682
Published 2024-09-17
CVE-2024-45682: There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.
Priority P265 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.02% (78.5th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| millbeck | proroute_h685t-w_firmware | — | — |
| millbeck_communications | proroute_h685t-w | — | — |
Detection & IOCs (extracted from sources)
- Target device is Millbeck Communications Proroute H685t-w Version 3.2.334, a 4G router. Detect exploitation attempts targeting its web management interface for command injection (CWE-77) by authenticated low-privileged users.
- CVE-2024-45682 is remotely exploitable with low attack complexity and requires only low privileges (CVSS vector AV:N/AC:L/PR:L/UI:N). Monitor for authenticated web requests to the Proroute H685t-w management interface containing shell metacharacters or command separators in user-supplied fields.
- Affected product version is 3.2.334. Inventory and flag any Proroute H685t-w devices running firmware below 3.2.335 as unpatched and at risk.
- No known public exploitation has been reported at time of advisory publication. No specific exploit code, payloads, or IOCs (hashes, IPs, domains, URLs) were disclosed in the available sources.
CISA ICS
Millbeck Communications Proroute H685t-w
cisa_ics·2024-09-17·CVSS 5.5
[MEDIUM] Millbeck Communications Proroute H685t-w
ICS Advisory
## Millbeck Communications Proroute H685t-w
Release Date: September 17, 2024
Alert Code: ICSA-24-261-02
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Millbeck Communications
- Equipment: Proroute H685t-w
- Vulnerabilities: Command Injection, Cross-site Scripting
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary commands on the device's operating system.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Millbeck Communications Proroute H685t-w, a 4G router, are affected:
- Proroute H685t-w: Version 3.
GHSA
GHSA-p7pw-3rg9-hpxm: There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system
ghsa_unreviewed·2024-09-17
CVE-2024-45682 [HIGH] CWE-77 GHSA-p7pw-3rg9-hpxm: There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-09-17