Hereta ETH-IMC408M Cross-Site Request Forgery Vulnerability in Firmware through 1.0.15

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in the Hereta ETH-IMC408M firmware, affecting versions through 1.0.15. The 'setup.cgi' file has no CSRF protections, which allows attackers to modify device configurations. Attackers can create malicious web pages that send forged requests to the device; because HTTP Basic Authentication credentials are included automatically with those requests, the device processes them as authenticated and the attacker can manipulate device settings. This could include adding RADIUS accounts, changing network configurations, or initiating diagnostic processes.
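One way to supply the missing check in front of the device, as an added example that is not part of the original advisory and not Hereta's code: a reverse-proxy filter that forwards requests to setup.cgi only when browser-set headers show they came from the device's own pages. The trusted origin 192.0.2.10, the function names, and the assumption that the admin UI reaches setup.cgi only from its own pages are illustrative.

```python
from urllib.parse import urlsplit

# Assumptions (constructed for this example): the origin the admin UI is served
# from, and that setup.cgi is only ever requested from the device's own pages.
TRUSTED_ORIGINS = {"http://192.0.2.10"}
PROTECTED_NAME = "setup.cgi"


def origin_of(url):
    """Return 'scheme://host[:port]' for an absolute URL, else None."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_request(target, headers):
    """Return (allowed, reason) for a request the proxy is about to forward."""
    segments = urlsplit(target).path.lower().split("/")
    if PROTECTED_NAME not in segments:
        return True, "not setup.cgi"
    h = {k.lower(): v.strip() for k, v in headers.items()}
    # Fetch Metadata is set by the browser, but only for trustworthy (HTTPS)
    # URLs, so a plain-HTTP device UI usually has to rely on the fallback below.
    site = h.get("sec-fetch-site")
    if site is not None:
        return site.lower() == "same-origin", f"Sec-Fetch-Site: {site}"
    # Fallback: Origin first, then Referer; "null" and relative values fail.
    for field in ("origin", "referer"):
        if field in h:
            src = origin_of(h[field])
            return src in TRUSTED_ORIGINS, f"{field} resolves to {src}"
    # Basic credentials are attached automatically, so the Authorization header
    # says nothing about where the request came from: fail closed.
    return False, "no Origin, Referer or Sec-Fetch-Site"


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("/setup.cgi", {"Referer": "http://192.0.2.10/index.html"}),
    ("/setup.cgi", {"Origin": "http://other.example"}),
    ("/setup.cgi", {"Authorization": "Basic <redacted>"}),
    ("/index.html", {}),
]

if __name__ == "__main__":
    for target, headers in SAMPLES:
        print(target, sorted(headers), "->", check_request(target, headers))
```
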

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of the device's configuration, potentially allowing for unauthorized access or disruption of services.

Added: Mar 16, 2026, 6:25 PM
Updated: Mar 16, 2026, 6:25 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 5.8
remediation: 0.0
relevance: 4.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.