Medium severity 6.1 · NVD Advisory · Published Mar 16, 2026 · Updated Apr 10, 2026
CVE-2026-29520
Description
Hereta ETH-IMC408M firmware versions 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the ping_ipaddr parameter to compromise authenticated administrator sessions when the links are visited.
Affected products
- cpe:2.3:o:hereta:eth-imc408m_firmware:*:*:*:*:*:*:*:* (range: <=1.0.15)
- (no CPE) (range: <=1.0.15)