PT-2026-25784 · Shenzhen Hereta Technology Co. · Hereta Eth-Imc408M
Kazuma Matsumoto · Published 2026-03-16 · Updated 2026-03-17
CVE-2026-29521
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Hereta ETH-IMC408M firmware versions prior to 1.0.15
Description
The Hereta ETH-IMC408M firmware contains a cross-site request forgery (CSRF) issue that allows attackers to modify device configuration. The cause is missing CSRF protections in the setup.cgi file. Attackers can host malicious pages that submit forged requests, which the browser sends with its automatically included HTTP Basic Authentication credentials. These requests can be used to add RADIUS accounts, alter network settings, or trigger diagnostics.
Recommendations
Update to a version of Hereta ETH-IMC408M firmware later than 1.0.15.
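For devices that cannot be updated immediately, the following added example (not from this advisory or the vendor) labels logged requests to setup.cgi by the Origin or Referer the browser attached, so cross-site submissions carrying Basic credentials stand out. The device origin `http://192.0.2.10`, the path `/setup.cgi` and the log record shape are assumptions, and the sample records are constructed.

```python
from urllib.parse import urlsplit

# Assumptions, not from the advisory: device origin and the URL path of setup.cgi.
DEVICE_ORIGIN = "http://192.0.2.10"
SETUP_PATH = "/setup.cgi"
DEFAULT_PORTS = {"http": 80, "https": 443}

def origin_of(url):
    """Normalise a URL or Origin value to scheme://host[:port]; None if opaque or invalid."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return None
    if not parts.scheme or not parts.hostname:
        return None  # covers the literal Origin value "null"
    suffix = "" if port in (None, DEFAULT_PORTS.get(parts.scheme)) else f":{port}"
    return f"{parts.scheme}://{parts.hostname}{suffix}"

def classify(req):
    """Label one logged request: ignore, unauthenticated, same-origin, cross-site or unknown."""
    if urlsplit(req["url"]).path != SETUP_PATH:
        return "ignore"
    headers = {k.lower(): v for k, v in req["headers"].items()}
    if not headers.get("authorization", "").lower().startswith("basic "):
        return "unauthenticated"
    # Prefer Origin (sent on cross-origin POSTs); fall back to Referer.
    source = headers.get("origin") or headers.get("referer")
    if not source:
        return "unknown"  # no provenance at all: review by hand
    return "same-origin" if origin_of(source) == DEVICE_ORIGIN else "cross-site"

def review(log):
    """Return (index, label) for every request that should be looked at."""
    return [(i, lab) for i, r in enumerate(log)
            if (lab := classify(r)) in ("cross-site", "unknown")]

# Constructed sample records, credentials redacted.
AUTH = {"Authorization": "Basic <redacted>"}
SAMPLE_LOG = [
    {"method": "POST", "url": "/setup.cgi", "headers": {**AUTH, "Origin": "http://192.0.2.10:80"}},
    {"method": "POST", "url": "/setup.cgi", "headers": {**AUTH, "Origin": "http://other.example"}},
    {"method": "POST", "url": "/setup.cgi", "headers": {**AUTH, "Origin": "null"}},
    {"method": "GET", "url": "/setup.cgi", "headers": dict(AUTH)},
    {"method": "GET", "url": "/status.html", "headers": {"Referer": "http://other.example/"}},
]

if __name__ == "__main__":
    for index, label in review(SAMPLE_LOG):
        print(index, SAMPLE_LOG[index]["method"], label)
```

Requests labelled `unknown` carry credentials but no Origin or Referer, which a browser can produce when the referrer is suppressed, so they are listed for manual review rather than treated as benign.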
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Hereta Eth-Imc408M