Proroute H685 4G router vulnerabilities
ID: 62868d00-b08a-5965-ad44-021ab734e026
STIX ID: report--62868d00-b08a-5965-ad44-021ab734e026
Feed Name: Pen Test Partners Blog
This report details two vulnerabilities in Proroute H685t-w 4G routers running firmware 3.2.334. The first is a high-severity authenticated command injection in the OpenConnect and PPTP admin pages, which enables OS command execution upon saving settings. The second is a medium-severity reflected XSS in the file browser that can exfiltrate session cookies. The report provides PoC HTTP requests and a Python exploit script, and advises upgrading to 3.2.335 or later, sanitizing inputs and avoiding unsafe exec calls, and enforcing HttpOnly/Secure/SameSite cookies and CSP.
