CVE-2026-29520

CVSS v3.1

6.1

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the ping ipaddr parameter to compromise authenticated administrator sessions when the links are visited.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-29520

Affected Products

Hereta Eth-Imc408M

CVE-2026-29520

Weakness Enumeration

Related Identifiers

Affected Products

References · 4