CVE-2026-29510

Name of the Vulnerable Software and Affected Versions Hereta ETH-IMC408M firmware versions prior to 1.0.15

Description The software contains a stored cross-site scripting issue that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface. These scripts execute in the browsers of users viewing the status page because of a lack of input sanitation.

Recommendations Update to a version newer than 1.0.15.