CVE-2026-29513
Stored XSS in Hereta ETH-IMC408M Firmware Allows Script Injection
Publication date: 2026-03-16
Last updated on: 2026-04-10
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hereta | eth-imc408m_firmware | to 1.0.15 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-29513 is a stored cross-site scripting (XSS) vulnerability found in the Hereta ETH-IMC408M device firmware version 1.0.15 and earlier.
The vulnerability occurs because the Device Location field does not properly sanitize input, allowing authenticated attackers to inject arbitrary JavaScript code.
This malicious script is stored and later executed in the browsers of users who view the System Status interface, potentially compromising their browsing session.
How can this vulnerability impact me? :
This vulnerability allows an authenticated attacker to inject malicious JavaScript into the System Status page viewed by other users.
When users access this page, the injected script executes in their browsers, which could lead to session hijacking, unauthorized actions, or other client-side attacks.
However, the CVSS score indicates there is no direct impact on confidentiality, integrity, or availability of the device itself.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking if the Device Location field in the System Status interface of the Hereta ETH-IMC408M device is vulnerable to stored cross-site scripting (XSS) attacks. Since the vulnerability involves injection of arbitrary JavaScript by manipulating this field, detection involves verifying whether input sanitization is missing.'}, {'type': 'paragraph', 'content': "A practical approach is to authenticate to the device's management interface and attempt to inject a harmless JavaScript payload into the Device Location field, then observe if the script executes when viewing the System Status page."}, {'type': 'list_item', 'content': 'Use curl or similar tools to fetch the System Status page and inspect the Device Location field for injected scripts.'}, {'type': 'list_item', 'content': 'Example command to fetch the status page (replace IP and credentials accordingly):'}, {'type': 'list_item', 'content': 'curl -u username:password http://<device-ip>/system_status'}, {'type': 'list_item', 'content': 'Manually inspect the output for suspicious JavaScript code in the Device Location field.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': "Immediate mitigation steps include restricting access to the device's management interface to trusted users only, as the vulnerability requires authenticated access."}, {'type': 'paragraph', 'content': 'Avoid entering untrusted or suspicious input into the Device Location field to prevent injection of malicious scripts.'}, {'type': 'paragraph', 'content': 'Monitor and audit the Device Location field for any unexpected or suspicious content.'}, {'type': 'paragraph', 'content': 'Contact the vendor or check for firmware updates beyond version 1.0.15 that address this vulnerability and apply them as soon as they become available.'}] [1]