CVE-2026-29521
Hereta ETH-IMC408M CSRF via Configuration Setup
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-site request forgery vulnerability that allows attackers to modify device configuration by exploiting missing CSRF protections in setup.cgi. Attackers can host malicious pages that submit forged requests using automatically-included HTTP Basic Authentication credentials to add RADIUS accounts, alter network settings, or trigger diagnostics.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Productos afectados
Shenzhen Hereta Technology Co., Ltd. · Hereta ETH-IMC408M¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →