Search
Find a vulnerability
Search criteria
2 vulnerabilities found for proroute_h685t-w_firmware by millbeckcommunications
CVE-2024-38380 (GCVE-0-2024-38380)
Vulnerability from nvd – Published: 2024-09-17 17:15 – Updated: 2024-09-17 19:38
VLAI
EPSS
VEX
Title
Millbeck Communications Proroute H685t-w Cross-site Scripting.
Summary
This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Millbeck Communications | Proroute H685t-w |
Affected:
3.2.334
|
Date Public
2024-09-17 16:28
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38380",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:37:51.399380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:38:39.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Proroute H685t-w",
"vendor": "Millbeck Communications",
"versions": [
{
"status": "affected",
"version": "3.2.334"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joe Lovett from Pen Test Partners reported these vulnerabilities to CISA."
}
],
"datePublic": "2024-09-17T16:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user\u0027s browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim\u0027s browser session.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user\u0027s browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim\u0027s browser session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T17:15:54.587Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-261-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMillbeck Communications recommends that users download the firmware patch \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://proroute.co.uk/current-firmware/\"\u003ev3.2.335 or higher\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Millbeck Communications recommends that users download the firmware patch v3.2.335 or higher https://proroute.co.uk/current-firmware/ ."
}
],
"source": {
"advisory": "ICSA-24-261-02",
"discovery": "EXTERNAL"
},
"title": "Millbeck Communications Proroute H685t-w Cross-site Scripting.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-38380",
"datePublished": "2024-09-17T17:15:54.587Z",
"dateReserved": "2024-09-12T17:38:03.814Z",
"dateUpdated": "2024-09-17T19:38:39.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38380 (GCVE-0-2024-38380)
Vulnerability from cvelistv5 – Published: 2024-09-17 17:15 – Updated: 2024-09-17 19:38
VLAI
EPSS
VEX
Title
Millbeck Communications Proroute H685t-w Cross-site Scripting.
Summary
This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Millbeck Communications | Proroute H685t-w |
Affected:
3.2.334
|
Date Public
2024-09-17 16:28
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38380",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:37:51.399380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:38:39.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Proroute H685t-w",
"vendor": "Millbeck Communications",
"versions": [
{
"status": "affected",
"version": "3.2.334"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joe Lovett from Pen Test Partners reported these vulnerabilities to CISA."
}
],
"datePublic": "2024-09-17T16:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user\u0027s browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim\u0027s browser session.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user\u0027s browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim\u0027s browser session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T17:15:54.587Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-261-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMillbeck Communications recommends that users download the firmware patch \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://proroute.co.uk/current-firmware/\"\u003ev3.2.335 or higher\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Millbeck Communications recommends that users download the firmware patch v3.2.335 or higher https://proroute.co.uk/current-firmware/ ."
}
],
"source": {
"advisory": "ICSA-24-261-02",
"discovery": "EXTERNAL"
},
"title": "Millbeck Communications Proroute H685t-w Cross-site Scripting.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-38380",
"datePublished": "2024-09-17T17:15:54.587Z",
"dateReserved": "2024-09-12T17:38:03.814Z",
"dateUpdated": "2024-09-17T19:38:39.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}