VYPR
Medium severity6.1NVD Advisory· Published Mar 16, 2026· Updated Apr 10, 2026

CVE-2026-29520

CVE-2026-29520

Description

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the ping_ipaddr parameter to compromise authenticated administrator sessions when the links are visited.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:o:hereta:eth-imc408m_firmware:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:hereta:eth-imc408m_firmware:*:*:*:*:*:*:*:*range: <=1.0.15
    • (no CPE)range: <=1.0.15

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.