VYPR

Eth Imc408m Firmware

by Hereta

CVEs (4)

  • CVE-2026-29520MedMar 16, 2026
    risk 0.40cvss 6.1epss 0.00

    Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the…

  • CVE-2026-29513MedMar 16, 2026
    risk 0.35cvss 5.4epss 0.00

    Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Location field. Attackers can inject malicious scripts through the System Status…

  • CVE-2026-29510MedMar 16, 2026
    risk 0.35cvss 5.4epss 0.00

    Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status…

  • CVE-2026-29521MedMar 16, 2026
    risk 0.28cvss 4.3epss 0.00

    Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-site request forgery vulnerability that allows attackers to modify device configuration by exploiting missing CSRF protections in setup.cgi. Attackers can host malicious pages that submit forged requests using…