CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38380 – Millbeck Communications Proroute H685t-w Cross-site Scripting.
https://notcve.org/view.php?id=CVE-2024-38380
This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-261-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45682 – Millbeck Communications Proroute H685t-w Command Injection.
https://notcve.org/view.php?id=CVE-2024-45682
There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-261-02 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •