2 vulnerabilities by Millbeck Communications
CVE-2024-38380 (GCVE-0-2024-38380)
Vulnerability from cvelistv5 – Published: 2024-09-17 17:15 – Updated: 2024-09-17 19:38
Title
Millbeck Communications Proroute H685t-w Cross-site Scripting.
Summary
This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session.
Severity
5.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Millbeck Communications | Proroute H685t-w | Affected: 3.2.334 |
Date Public
2024-09-17 16:28
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38380",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:37:51.399380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:38:39.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Proroute H685t-w",
"vendor": "Millbeck Communications",
"versions": [
{
"status": "affected",
"version": "3.2.334"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joe Lovett from Pen Test Partners reported these vulnerabilities to CISA."
}
],
"datePublic": "2024-09-17T16:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user\u0027s browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim\u0027s browser session.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user\u0027s browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim\u0027s browser session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T17:15:54.587Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-261-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMillbeck Communications recommends that users download the firmware patch \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://proroute.co.uk/current-firmware/\"\u003ev3.2.335 or higher\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Millbeck Communications recommends that users download the firmware patch v3.2.335 or higher https://proroute.co.uk/current-firmware/ ."
}
],
"source": {
"advisory": "ICSA-24-261-02",
"discovery": "EXTERNAL"
},
"title": "Millbeck Communications Proroute H685t-w Cross-site Scripting.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-38380",
"datePublished": "2024-09-17T17:15:54.587Z",
"dateReserved": "2024-09-12T17:38:03.814Z",
"dateUpdated": "2024-09-17T19:38:39.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45682 (GCVE-0-2024-45682)
Vulnerability from cvelistv5 – Published: 2024-09-17 17:13 – Updated: 2024-09-17 20:07
Title
Millbeck Communications Proroute H685t-w Command Injection.
Summary
There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.
Severity
8.8 (High)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Millbeck Communications | Proroute H685t-w | Affected: 3.2.334 |
Date Public
2024-09-17 16:28
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:millbeck_communications:proroute_h685t-w:3.2.334:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "proroute_h685t-w",
"vendor": "millbeck_communications",
"versions": [
{
"status": "affected",
"version": "3.2.334"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45682",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:44:31.518028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T20:07:31.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Proroute H685t-w",
"vendor": "Millbeck Communications",
"versions": [
{
"status": "affected",
"version": "3.2.334"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joe Lovett from Pen Test Partners reported these vulnerabilities to CISA."
}
],
"datePublic": "2024-09-17T16:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a command injection vulnerability that may allow an attacker to inject malicious input on the device\u0027s operating system.\u003c/span\u003e"
}
],
"value": "There is a command injection vulnerability that may allow an attacker to inject malicious input on the device\u0027s operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T17:13:18.655Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-261-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMillbeck Communications recommends that users download the firmware patch \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://proroute.co.uk/current-firmware/\"\u003ev3.2.335 or higher\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Millbeck Communications recommends that users download the firmware patch v3.2.335 or higher https://proroute.co.uk/current-firmware/ ."
}
],
"source": {
"advisory": "ICSA-24-261-02",
"discovery": "EXTERNAL"
},
"title": "Millbeck Communications Proroute H685t-w Command Injection.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-45682",
"datePublished": "2024-09-17T17:13:18.655Z",
"dateReserved": "2024-09-12T17:38:03.831Z",
"dateUpdated": "2024-09-17T20:07:31.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}