CVE-2026-29510 in Hereta ETH-IMC408M
Summary
by MITRE • 03/16/2026
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execute in the browsers of users viewing the status page without input sanitization.
Analysis
by VulDB Data Team • 03/21/2026
This vulnerability resides in the firmware of the Hereta ETH-IMC408M network monitoring device: version 1.0.15 and earlier contain a critical stored cross-site scripting flaw that poses a significant security risk to network administrators and end users. The weak point is the Device Name field in the System Status interface, where input validation is insufficient to prevent script injection. An authenticated attacker who already has access to the device can set the device name to arbitrary JavaScript, which is then stored in the device's configuration. The root cause is inadequate sanitization of user-supplied input during the device name update, so a malicious payload persists and executes whenever another user views the system status page. Because the script is saved on the device rather than reflected from a single request, this is a stored XSS, which makes it particularly dangerous as a persistent attack. The issue maps to CWE-79, which defines cross-site scripting as the failure to properly sanitize user input before including it in web output. The attack requires an authenticated session, so an adversary must first compromise credentials or otherwise obtain legitimate access to the device's management interface. In ATT&CK terms, the vulnerability aligns with T1566.001, which covers credential harvesting through phishing, and T1059.007, which covers the execution of scripts through web applications. The operational impact goes beyond script execution: an attacker could steal session cookies, make unauthorized device configuration changes, or redirect users to malicious sites.
Network administrators who regularly check the system status page are the primary targets, since their browsers execute the stored script when they view the compromised device information. The persistence is what makes this concerning: once exploited, the code continues to run for every user who views the affected status page until the device is rebooted or the device name is manually corrected. The flaw also opens a path to privilege escalation, as the injected script could be used to reach other network resources or manipulate device functionality. The risk is compounded by the fact that many network monitoring devices are managed through web interfaces with long-lived sessions, which widens the window for exploitation. Organizations using this device should apply mitigations immediately: firmware updates, input sanitization, and network segmentation to reduce the attack surface. The vulnerability shows how important proper input validation is in web applications and how even authenticated access can be turned into a persistent attack when security controls are missing. Security teams should review their device inventories for similar weaknesses in other network monitoring equipment and keep all firmware current with security patches. It also underscores the need for comprehensive controls, including regular vulnerability assessments, input validation frameworks, and user access controls that prevent unauthorized changes to network device configurations.
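As an added illustration (not the vendor's firmware code, which this page does not show), the two rendering patterns the analysis contrasts for the Device Name field on the System Status page, plus an input-side allowlist and an audit check a defender can run over a device's stored configuration; all function names, the allowlist and the sample configs are assumptions.

```javascript
// Added example, not code from Hereta or VulDB. Shows why concatenating a
// stored Device Name into the status page yields stored XSS, and how
// output encoding plus input validation neutralise it.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every HTML metacharacter so stored text can never become markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Vulnerable pattern (hypothetical): the stored name is inserted verbatim,
// so a name containing <script> executes in every viewer's browser.
function renderStatusRowVulnerable(config) {
  return `<tr><td>Device Name</td><td>${config.deviceName}</td></tr>`;
}

// Hardened pattern: encode at the output boundary, regardless of what
// validation happened when the name was saved.
function renderStatusRowSafe(config) {
  return `<tr><td>Device Name</td><td>${escapeHtml(config.deviceName)}</td></tr>`;
}

// Input-side defence: a device name has no legitimate need for markup.
// Assumed allowlist: letters, digits, space, '.', '_', '-', 1..32 chars.
const DEVICE_NAME_RE = /^[A-Za-z0-9 ._-]{1,32}$/;
function isValidDeviceName(name) {
  return DEVICE_NAME_RE.test(name);
}

// Audit check: flag a stored Device Name that already carries markup or
// event-handler syntax, e.g. when reviewing devices after this CVE.
function looksInjected(name) {
  return /[<>"']|javascript:|\bon\w+\s*=/i.test(name);
}

// Constructed sample configurations, not data pulled from a real device.
const benignConfig = { deviceName: "Rack-3 switch" };
const tamperedConfig = { deviceName: '<script>document.title="x"</script>' };

// Stand-alone demo: the vulnerable render emits a live <script> tag,
// the hardened render emits inert text.
console.log(renderStatusRowVulnerable(tamperedConfig));
console.log(renderStatusRowSafe(tamperedConfig));
console.log("tampered name passes allowlist:", isValidDeviceName(tamperedConfig.deviceName));
console.log("tampered name flagged by audit:", looksInjected(tamperedConfig.deviceName));
```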