{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-29520", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-04T15:39:26.872Z", "datePublished": "2026-03-16T16:55:52.660Z", "dateUpdated": "2026-03-17T15:29:29.391Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-17T15:29:29.391Z"}, "title": "Hereta ETH-IMC408M Reflected XSS via ping_ipaddr Parameter", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')", "type": "CWE"}]}], "affected": [{"vendor": "Shenzhen Hereta Technology Co., Ltd.", "product": "Hereta ETH-IMC408M", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "1.0.15", "versionType": "semver"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the ping_ipaddr parameter to compromise authenticated administrator sessions when the links are visited.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the ping_ipaddr parameter to compromise authenticated administrator sessions when the links are visited."}]}], "references": [{"url": "https://web.archive.org/web/20250820105319/http://hereta.com/", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/hereta-eth-imc408m-reflected-xss-via-ping-ipaddr-parameter", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "credits": [{"lang": "en", "value": "Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T18:09:04.040834Z", "id": "CVE-2026-29520", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T18:09:17.032Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-29520", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T18:09:04.040834Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T18:09:13.372Z"}}], "cna": {"title": "Hereta ETH-IMC408M Reflected XSS via ping_ipaddr Parameter", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc."}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Shenzhen Hereta Technology Co., Ltd.", "product": "Hereta ETH-IMC408M", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.15"}], "defaultStatus": "unknown"}], "references": [{"url": "https://web.archive.org/web/20250820105319/http://hereta.com/", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/hereta-eth-imc408m-reflected-xss-via-ping-ipaddr-parameter", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the ping_ipaddr parameter to compromise authenticated administrator sessions when the links are visited.", "supportingMedia": [{"type": "text/html", "value": "Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the ping_ipaddr parameter to compromise authenticated administrator sessions when the links are visited.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-17T15:29:29.391Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29520", "state": "PUBLISHED", "dateUpdated": "2026-03-17T15:29:29.391Z", "dateReserved": "2026-03-04T15:39:26.872Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-16T16:55:52.660Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hereta:eth-imc408m_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E114378-9A8F-4EC3-A7B3-89DF7D6BBEC0", "versionEndIncluding": "1.0.15", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hereta:eth-imc408m:-:*:*:*:*:*:*:*", "matchCriteriaId": "D3C670E1-A5ED-4FC7-8150-0B62411371F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the ping_ipaddr parameter to compromise authenticated administrator sessions when the links are visited."}, {"lang": "es", "value": "El firmware Hereta ETH-IMC408M versi\u00f3n 1.0.15 y anteriores contienen una vulnerabilidad de cross-site scripting reflejado en la funci\u00f3n de ping de Diagn\u00f3stico de Red que permite a los atacantes ejecutar JavaScript arbitrario. Los atacantes pueden crear enlaces maliciosos con cargas \u00fatiles de script inyectadas en el par\u00e1metro ping_ipaddr para comprometer sesiones de administrador autenticadas cuando se visitan los enlaces."}], "id": "CVE-2026-29520", "lastModified": "2026-04-10T17:43:45.847", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-16T18:16:08.347", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://web.archive.org/web/20250820105319/http://hereta.com/"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/hereta-eth-imc408m-reflected-xss-via-ping-ipaddr-parameter"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.0.15]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Hereta ETH-IMC408M", "source": "cna", "vendor": "Shenzhen Hereta Technology Co., Ltd."}, "product": "hereta_eth-imc408m", "vendor": "shenzhen_hereta_technology"}], "analysis": {"en": {"generated_at": "2026-03-17T12:35:19.134980+00:00", "value": {"mitigation_remediation": ["Check for and install the latest firmware update from Shenzhen Hereta Technology.", "If an official fix is not yet available, disable or restrict the Network Diagnosis ping function in the device\u2019s web interface.", "Limit administrator access to trusted networks and enforce strong authentication mechanisms.", "Educate system administrators to avoid clicking suspicious links.", "Monitor the device for anomalous activity."], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution via Reflected XSS"}, "threat_synthesis": {"affected_systems": "The vulnerability affects devices from Shenzhen Hereta Technology Co., Ltd., specifically the Hereta ETH\u2011IMC408M model. Firmware versions 1.0.15 and earlier are vulnerable; any unit running these versions remains susceptible until updated.", "description_and_impact": "Hereta ETH\u2011IMC408M firmware version 1.0.15 and earlier contain a reflected cross\u2011site scripting vulnerability (CWE\u201179) in the Network Diagnosis ping function. The flaw allows an attacker to inject arbitrary JavaScript into the ping_ipaddr parameter. When an authenticated administrator visits a crafted link, the script executes within the administrator\u2019s browser session, potentially enabling arbitrary code execution on the device or within the administrator\u2019s context.", "risk_and_exploitability": "The CVSS score of 5.1 indicates moderate severity. EPSS data is unavailable and the flaw is not listed in the CISA KEV catalog, suggesting limited real\u2011world exploitation evidence. Exploitation requires an authenticated administrator to click a malicious link, making it a client\u2011side XSS scenario. If the link is visited, the exploit succeeds; otherwise the vulnerability remains dormant. Overall risk is moderate but should be mitigated promptly to prevent potential compromise of administrator sessions."}}}}, "created": "2026-03-17T09:52:32.515165+00:00", "updated": "2026-03-24T10:50:13.156710+00:00", "vendors": ["shenzhen_hereta_technology", "shenzhen_hereta_technology$PRODUCT$hereta_eth-imc408m"]}