Skip to main content

Eth Imc408M Firmware

4 CVEs product

Monthly

CVE-2026-29521 MEDIUM This Month

Hereta ETH-IMC408M devices running firmware 1.0.15 and earlier are vulnerable to cross-site request forgery attacks that allow unauthenticated remote attackers to modify device configuration through setup.cgi, including adding RADIUS accounts and altering network settings. The vulnerability exploits missing CSRF protections combined with automatic inclusion of HTTP Basic Authentication credentials, requiring only user interaction to trigger the attack. No patch is currently available.

CSRF Eth Imc408M Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-29520 MEDIUM This Month

Reflected XSS in Hereta ETH-IMC408M firmware versions 1.0.15 and earlier enables attackers to inject malicious scripts through the Network Diagnosis ping function's ping_ipaddr parameter. An attacker can craft a malicious link that, when clicked by an authenticated administrator, executes arbitrary JavaScript in their browser session, potentially compromising the device. No patch is currently available.

XSS Eth Imc408M Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-29513 MEDIUM This Month

Stored XSS in Hereta ETH-IMC408M firmware v1.0.15 and earlier allows authenticated users to execute arbitrary JavaScript in other users' browsers via unsanitized input in the Device Location field on the System Status interface. An attacker with valid credentials can inject malicious scripts that persist and execute when legitimate users access the status page, potentially enabling session hijacking or credential theft. No patch is currently available.

XSS Eth Imc408M Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-29510 MEDIUM This Month

Stored XSS in Hereta ETH-IMC408M firmware versions 1.0.15 and earlier enables authenticated attackers to execute arbitrary JavaScript in the System Status interface by injecting malicious code through the Device Name field. The vulnerability affects any user viewing the compromised status page, potentially leading to session hijacking or credential theft. No patch is currently available for this issue.

XSS Eth Imc408M Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
EPSS 0% CVSS 5.1
MEDIUM This Month

Hereta ETH-IMC408M devices running firmware 1.0.15 and earlier are vulnerable to cross-site request forgery attacks that allow unauthenticated remote attackers to modify device configuration through setup.cgi, including adding RADIUS accounts and altering network settings. The vulnerability exploits missing CSRF protections combined with automatic inclusion of HTTP Basic Authentication credentials, requiring only user interaction to trigger the attack. No patch is currently available.

CSRF Eth Imc408M Firmware
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

Reflected XSS in Hereta ETH-IMC408M firmware versions 1.0.15 and earlier enables attackers to inject malicious scripts through the Network Diagnosis ping function's ping_ipaddr parameter. An attacker can craft a malicious link that, when clicked by an authenticated administrator, executes arbitrary JavaScript in their browser session, potentially compromising the device. No patch is currently available.

XSS Eth Imc408M Firmware
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

Stored XSS in Hereta ETH-IMC408M firmware v1.0.15 and earlier allows authenticated users to execute arbitrary JavaScript in other users' browsers via unsanitized input in the Device Location field on the System Status interface. An attacker with valid credentials can inject malicious scripts that persist and execute when legitimate users access the status page, potentially enabling session hijacking or credential theft. No patch is currently available.

XSS Eth Imc408M Firmware
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

Stored XSS in Hereta ETH-IMC408M firmware versions 1.0.15 and earlier enables authenticated attackers to execute arbitrary JavaScript in the System Status interface by injecting malicious code through the Device Name field. The vulnerability affects any user viewing the compromised status page, potentially leading to session hijacking or credential theft. No patch is currently available for this issue.

XSS Eth Imc408M Firmware
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy