PT-2026-25783 · Shenzhen Hereta Technology Co. · Hereta Eth-Imc408M

Kazuma Matsumoto

·

Publicado

2026-03-16

·

Atualizado

2026-03-17

·

CVE-2026-29520

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Hereta ETH-IMC408M firmware versions prior to 1.0.15
Description The software contains a reflected cross-site scripting issue in the Network Diagnosis ping function. This allows attackers to execute arbitrary JavaScript. Attackers can create malicious links with script payloads injected into the ping ipaddr parameter. Successful exploitation can compromise authenticated administrator sessions when these links are visited.
Recommendations Update to a version prior to 1.0.15.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2026-29520

Produtos afetados

Hereta Eth-Imc408M