10 matches found
CVE-2026-29510
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...
CVE-2026-29520
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the pingipaddr parameter t...
CVE-2026-29513
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Location field. Attackers can inject malicious scripts through the System Status interface that...
CVE-2026-29520
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the pingipaddr parameter t...
CVE-2026-29520 Hereta ETH-IMC408M Reflected XSS via ping_ipaddr Parameter
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the pingipaddr parameter t...
CVE-2026-29520
The CVE-2026-29520 affects Hereta ETH-IMC408M firmware 1.0.15 and earlier. It is a reflected XSS in the Network Diagnosis ping function via the ping_ipaddr parameter, allowing an attacker to execute arbitrary JavaScript and potentially compromise an authenticated administrator session. CVSS 4.0 b...
Hereta ETH-IMC408M 跨站请求伪造漏洞
The Hereta ETH-IMC408M is an Ethernet switch device produced by the Hereta company in the United States. Versions of Hereta ETH-IMC408M prior to 1.0.15 contained a cross-site request forgery vulnerability. This vulnerability stemmed from a lack of cross-site request forgery protection in the...
Hereta ETH-IMC408M 跨站脚本漏洞
The Hereta ETH-IMC408M is an Ethernet switch device produced by the Hereta company in the United States. Versions of Hereta ETH-IMC408M prior to 1.0.15 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the Device Location field, which could lead ...
PT-2026-25783
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the ping ipaddr parameter ...
PT-2026-25782
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Location field. Attackers can inject malicious scripts through the System Status interface that...