
CVE-2026-29510: CWE-79 Improper neutralization of input during web page generation ('cross-site scripting') in Shenzhen Hereta Technology Co., Ltd. Hereta ETH-IMC408M

Severity: Medium
Tags: Vulnerability, CVE-2026-29510, CWE-79
Published: Mon Mar 16 2026 (03/16/2026, 16:56:21 UTC)
Source: CVE Database V5
Vendor/Project: Shenzhen Hereta Technology Co., Ltd.
Product: Hereta ETH-IMC408M

Description

CVE-2026-29510 is a stored cross-site scripting (XSS) vulnerability affecting Shenzhen Hereta Technology Co., Ltd.'s ETH-IMC408M device firmware version 1.0.15 and earlier. Authenticated attackers can exploit this flaw by injecting arbitrary JavaScript code via the Device Name field, which is not properly sanitized. The malicious script executes in the browsers of users who access the System Status interface, potentially leading to session hijacking, credential theft, or other malicious actions. The vulnerability requires authentication but no user interaction beyond viewing the status page. It has a CVSS 4.0 base score of 5.

AI-Powered Analysis

Last updated: 03/16/2026, 17:36:31 UTC

Technical Analysis

CVE-2026-29510 identifies a stored cross-site scripting vulnerability in the firmware of the Hereta ETH-IMC408M device, specifically versions 1.0.15 and earlier. The vulnerability arises from improper neutralization of input during web page generation, classified under CWE-79. Authenticated users can place malicious JavaScript in the Device Name field; the value is stored persistently and later rendered without encoding on the System Status web interface. When other users open this interface, the injected script executes in their browsers in the origin of the legitimate web application, potentially compromising user sessions or enabling further attacks such as phishing or malware delivery. The attack vector requires network access and valid credentials, but no additional user interaction beyond viewing the affected page. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), passive user interaction (UI:P, a user merely viewing the page), and limited scope and impact confined to integrity and availability with low confidentiality impact. No patches or known exploits are currently available, highlighting the need for proactive mitigation. The vulnerability affects embedded device firmware commonly used in network environments, making it a concern for organizations deploying these devices in critical infrastructure or enterprise settings.

Potential Impact

The primary impact of this vulnerability is the potential compromise of user sessions and the execution of arbitrary scripts within the context of the affected device's web interface. This can lead to unauthorized actions performed on behalf of legitimate users, theft of sensitive information such as authentication tokens or credentials, and possible lateral movement within the network if attackers leverage the device as a foothold. Since the vulnerability requires authentication, the risk is somewhat mitigated by credential controls, but insider threats or compromised accounts could exploit it. The persistent nature of the stored XSS increases the risk as multiple users may be exposed over time. Organizations relying on the Hereta ETH-IMC408M for network management or monitoring may face operational disruptions, data leakage, and reputational damage if exploited. The medium CVSS score reflects moderate risk, but the lack of patches and the device's deployment in network-critical roles elevate the urgency for mitigation.

Mitigation Recommendations

1. Immediately restrict access to the device's web interface to trusted administrators only, using network segmentation and firewall rules to limit exposure.
2. Enforce strong authentication mechanisms and monitor for suspicious login activity to reduce the risk of credential compromise.
3. Implement web application firewalls (WAF) or intrusion detection systems (IDS) capable of detecting and blocking XSS payloads targeting the device's management interface.
4. Regularly audit and sanitize all input fields on the device, particularly the Device Name field, to prevent injection of malicious scripts.
5. Until an official patch is released, consider disabling or limiting access to the System Status interface if feasible.
6. Educate administrators to avoid clicking on suspicious links or inputting untrusted data into device fields.
7. Monitor vendor communications for firmware updates addressing this vulnerability and apply patches promptly once available.
8. Conduct periodic security assessments of network devices to identify similar vulnerabilities proactively.
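The following Python example is added here to illustrate the flaw class described in the technical analysis and the fix behind mitigation step 4; it is not code from the Hereta firmware (whose implementation is not shown on this page). It contrasts a status-page renderer that concatenates the stored Device Name into HTML with one that HTML-encodes at the point of page generation, adds an allowlist check on input as defence in depth, and runs that allowlist over constructed audit-log lines to flag name changes worth reviewing. The allowlist (hostname-like characters, 1 to 32 long), the log format and all sample values are assumptions made for this example.

```python
import html
import re

# Constructed samples for this example (not values from the advisory).
BENIGN_NAME = "Core-Switch-01"
HOSTILE_NAME = "<script>alert(1)</script>"

# Allowlist for a device name: hostname-like characters, 1-32 long.
# Length and charset are assumptions for this example, not the vendor's rules.
DEVICE_NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,32}")


def validate_device_name(device_name: str) -> bool:
    """Input validation (defence in depth): reject anything outside the allowlist."""
    return DEVICE_NAME_RE.fullmatch(device_name) is not None


def render_status_row_vulnerable(device_name: str) -> str:
    """The CWE-79 pattern: the stored name is concatenated straight into HTML."""
    return f"<tr><td>Device Name</td><td>{device_name}</td></tr>"


def render_status_row_fixed(device_name: str) -> str:
    """The fix: HTML-encode at the point of page generation, whatever the input checks did."""
    return f"<tr><td>Device Name</td><td>{html.escape(device_name, quote=True)}</td></tr>"


def contains_raw_script_tag(rendered_html: str) -> bool:
    """Helper used here to show whether an unencoded <script> survived rendering."""
    return "<script" in rendered_html.lower()


# Constructed audit-log lines in a hypothetical key=value format; a real
# device's log format would differ.
SAMPLE_LOG = [
    '2026-03-16T16:56:21Z user=admin action=set_device_name value="Core-Switch-01"',
    '2026-03-16T16:57:02Z user=operator action=set_device_name value="<script>alert(1)</script>"',
    '2026-03-16T16:58:40Z user=admin action=login result=ok',
]
SET_NAME_RE = re.compile(r'action=set_device_name value="(?P<value>.*)"$')


def flag_suspicious_name_updates(log_lines):
    """Return the lines whose submitted Device Name fails the allowlist (mitigation steps 3 and 4)."""
    flagged = []
    for line in log_lines:
        m = SET_NAME_RE.search(line)
        if m and not validate_device_name(m.group("value")):
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    for name in (BENIGN_NAME, HOSTILE_NAME):
        print("vulnerable:", render_status_row_vulnerable(name))
        print("fixed:     ", render_status_row_fixed(name))
    print("flagged:", flag_suspicious_name_updates(SAMPLE_LOG))
```

Encoding on output is the control that actually closes CWE-79: it neutralizes whatever reached storage, including values written before the allowlist existed or through another code path. The allowlist is a second layer and, run over the device's change log, doubles as a cheap detection for a tampered Device Name while no patch is available.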


Technical Details

Data Version: 5.2
Assigner Short Name: VulnCheck
Date Reserved: 2026-03-04T15:39:26.871Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69b83bfc9d4df451837721a2

Added to database: 3/16/2026, 5:21:00 PM

Last enriched: 3/16/2026, 5:36:31 PM

Last updated: 3/16/2026, 6:12:40 PM

Views: 2
