VYPR
Medium severity4.3NVD Advisory· Published Mar 16, 2026· Updated Apr 10, 2026

CVE-2026-29521

CVE-2026-29521

Description

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-site request forgery vulnerability that allows attackers to modify device configuration by exploiting missing CSRF protections in setup.cgi. Attackers can host malicious pages that submit forged requests using automatically-included HTTP Basic Authentication credentials to add RADIUS accounts, alter network settings, or trigger diagnostics.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:o:hereta:eth-imc408m_firmware:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:hereta:eth-imc408m_firmware:*:*:*:*:*:*:*:*range: <=1.0.15
    • (no CPE)range: <= 1.0.15

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.