PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-45682 Millbeck Communications CVE debrief

A command injection vulnerability in the Millbeck Communications Proroute H685t-w industrial cellular router allows authenticated attackers to execute arbitrary operating system commands. The vulnerability, published by CISA on September 17, 2024, carries a CVSS 3.1 score of 8.8 (High severity) with network attack vector, low attack complexity, and low privileges required. The affected product is specifically version 3.2.334 of the Proroute H685t-w router. Command injection flaws in industrial control system devices are particularly concerning as they can enable complete device compromise, potentially disrupting critical infrastructure communications or establishing persistent access for lateral movement into connected operational technology networks.

Vendor
Millbeck Communications
Product
Proroute H685t-w
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2024-09-17
Original CVE updated
2024-09-17
Advisory published
2024-09-17
Advisory updated
2024-09-17

Who should care

Organizations deploying Millbeck Communications Proroute H685t-w cellular routers in industrial, utility, transportation, or critical infrastructure environments should prioritize this vulnerability. System integrators, managed service providers supporting OT/ICS deployments, and security teams responsible for remote site connectivity infrastructure are particularly affected. Given the network-accessible nature of the vulnerability and its high severity score, any organization using the affected firmware version in production environments faces elevated risk of device compromise and potential disruption to critical communications links.

Technical summary

The Proroute H685t-w industrial cellular router version 3.2.334 contains a command injection vulnerability that permits authenticated attackers with low privileges to inject and execute malicious commands on the device's underlying operating system. The vulnerability is remotely exploitable over the network with low attack complexity, resulting in high impact to confidentiality, integrity, and availability of the affected device. This class of vulnerability typically arises from insufficient input validation in web management interfaces, command-line interfaces, or configuration processing functions where user-supplied data is passed to system shell commands without proper sanitization. Successful exploitation grants attackers full control over the router, enabling eavesdropping on network traffic, modification of routing rules, or use of the device as a pivot point for attacks against connected industrial networks.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade to firmware version 3.2.335 or higher immediately, as recommended by Millbeck Communications
  • Restrict network access to the router's management interface to trusted administrative hosts only
  • Implement network segmentation to isolate industrial cellular routers from critical operational technology networks
  • Monitor for unauthorized configuration changes or unexpected command execution on affected devices
  • Review and strengthen authentication controls for administrative access to router management interfaces
  • Apply CISA's recommended practices for industrial control systems security to the deployment environment

Evidence notes

CISA published advisory ICSA-24-261-02 on September 17, 2024, identifying this command injection vulnerability in the Proroute H685t-w router version 3.2.334. The CVSS vector (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates network accessibility with low privilege requirements but high impact across confidentiality, integrity, and availability. The vendor has released firmware patch v3.2.335 or higher to address this issue.

Official resources

2024-09-17