← volver
CVE-2026-29513

Hereta ETH-IMC408M Stored XSS via Device Location

CVSS 5.1 MEDIUMEPSS 0.1%CWE-79
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Location field. Attackers can inject malicious scripts through the System Status interface that execute in browsers of users viewing the status page without input sanitation.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Productos afectados
Shenzhen Hereta Technology Co., Ltd. · Hereta ETH-IMC408M

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://web.archive.org/web/20250820105319/http://hereta.com/https://www.vulncheck.com/advisories/hereta-eth-imc408m-stored-xss-via-device-location