CVE-2026-29521

Medium CVSS: 5.1

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-site request forgery vulnerability that allows attackers to modify device configuration by exploiting missing CSRF protections in setup.cgi. Attackers can host malicious pages that submit forged requests using automatically-included HTTP Basic Authentication credentials to add RADIUS accounts, alter network settings, or trigger diagnostics.

Vendor

Product

CWE

CWE-352

Yayın Tarihi

2026-03-16 18:16:08

Güncelleme

2026-03-17 16:16:22

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-352 MEDIUM 2026

Referanslar

https://web.archive.org/web/20250820105319/http://hereta.com/ https://www.vulncheck.com/advisories/hereta-eth-imc408m-csrf-via-configuration-setup