CVE-2026-29520
Reflected XSS in Hereta ETH-IMC408M Ping Function Risks Admin Sessions
Publication date: 2026-03-16
Last updated on: 2026-04-10
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hereta | eth-imc408m_firmware | to 1.0.15 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-29520 is a reflected cross-site scripting (XSS) vulnerability found in the Hereta ETH-IMC408M firmware version 1.0.15 and earlier. It exists in the Network Diagnosis ping function, specifically in the handling of the ping_ipaddr parameter.

The vulnerability allows attackers to inject arbitrary JavaScript code by crafting malicious URLs containing script payloads in the ping_ipaddr parameter. When an authenticated administrator clicks on such a malicious link, the injected script executes within their session.

This can lead to the compromise of the administrator's session and is classified under CWE-79, which involves improper neutralization of input during web page generation. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to execute arbitrary JavaScript code within the context of an authenticated administrator's session.

If an administrator visits a maliciously crafted link exploiting this vulnerability, their session can be compromised, potentially leading to unauthorized actions or access within the device's management interface.

The attack requires user interaction (clicking the malicious link) but does not require any privileges or prior access. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for HTTP requests containing the `ping_ipaddr` parameter with suspicious or script-injected values targeting the Network Diagnosis ping function of the Hereta ETH-IMC408M device.

You can use network traffic inspection tools or web proxy logs to identify such requests.

- Use a command like `tcpdump` or `tshark` to capture HTTP traffic and filter for the `ping_ipaddr` parameter, for example: `tshark -Y 'http.request.uri contains "ping_ipaddr"'`.
- Search web server or device logs for URLs containing `ping_ipaddr` with suspicious script tags or encoded JavaScript payloads.
- Perform manual or automated testing by crafting URLs with script payloads in the `ping_ipaddr` parameter and observing if the device reflects the input without proper sanitization. [1]
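The log search described above, as an added example that is not part of this record or of the vendor's firmware: instead of grepping for `<script>`, it treats `ping_ipaddr` as an allowlist problem (a ping target can only be an IP address or a DNS hostname) and flags every request whose decoded value is anything else, undoing repeated percent-encoding so double-encoded payloads are not missed. The log lines and the request path `/cgi-bin/ping.cgi` are constructed assumptions; the device's real path is not given on this page.

```python
import re
import ipaddress
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Common Log Format). The path /cgi-bin/ping.cgi is a
# placeholder; only the ping_ipaddr parameter name comes from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [16/Mar/2026:10:00:01 +0000] "GET /cgi-bin/ping.cgi?ping_ipaddr=192.0.2.1 HTTP/1.1" 200 512
192.0.2.10 - - [16/Mar/2026:10:00:02 +0000] "GET /cgi-bin/ping.cgi?ping_ipaddr=gateway.example HTTP/1.1" 200 512
198.51.100.7 - - [16/Mar/2026:10:01:15 +0000] "GET /cgi-bin/ping.cgi?ping_ipaddr=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 700
198.51.100.7 - - [16/Mar/2026:10:01:16 +0000] "GET /cgi-bin/ping.cgi?ping_ipaddr=%253Cscript%253E1%253C%252Fscript%253E HTTP/1.1" 200 700
192.0.2.10 - - [16/Mar/2026:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# RFC 1123-style hostname: labels of letters, digits and hyphens, separated by dots.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def fully_decode(value, rounds=3):
    """Strip up to `rounds` layers of percent-encoding (stops early once the value is stable)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_valid_ping_target(value):
    """Allowlist check: a ping target must be an IPv4/IPv6 address or a DNS hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return bool(HOSTNAME_RE.match(value))


def find_suspicious_ping_requests(log_text):
    """Return (client_ip, decoded ping_ipaddr) for each request whose value is not a plausible target."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
        for raw in query.get("ping_ipaddr", []):  # parse_qs already removed one encoding layer
            value = fully_decode(raw)
            if not is_valid_ping_target(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits


if __name__ == "__main__":
    for client, value in find_suspicious_ping_requests(SAMPLE_LOG):
        print(f"suspicious ping_ipaddr from {client}: {value!r}")
```

The same `is_valid_ping_target` check is the shape a WAF or reverse-proxy rule for this parameter should take: reject anything that is not an address or hostname rather than enumerating payload strings.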
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the Network Diagnosis ping function to trusted administrators only and avoiding clicking on suspicious or untrusted links containing the `ping_ipaddr` parameter.
Ensure that only authenticated administrators access the device interface and educate them about the risk of reflected XSS via malicious URLs.
If possible, update the firmware to a version later than 1.0.15 once a patch is available from the vendor.
As a temporary workaround, consider implementing web application firewall (WAF) rules to detect and block requests containing suspicious script payloads in the `ping_ipaddr` parameter.