The vulnerability CVE-2026-29521 affects the Shenzhen Hereta Technology ETH-IMC408M device firmware version 1.0.15 and prior. It is a cross-site request forgery (CSRF) flaw classified under CWE-352, caused by the absence of CSRF protections in the setup.cgi web interface. This interface accepts configuration commands via HTTP requests authenticated with HTTP Basic Authentication. Because the device automatically includes these credentials when a user is logged in, an attacker can host a malicious webpage that silently submits forged requests on behalf of an authenticated user. This allows unauthorized changes to critical device settings such as adding RADIUS authentication accounts, altering network configurations, or triggering diagnostic functions. The vulnerability requires no privileges or prior authentication but does require the victim to visit a malicious webpage (user interaction). The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, user interaction needed, and limited impact on integrity. No known exploits have been reported, and no official patches have been released as of the publication date. The vulnerability poses a risk of unauthorized configuration changes that could compromise network security or device availability if exploited.

The primary impact of this vulnerability is unauthorized modification of device configurations, which can undermine network security and operational stability. Attackers could add rogue RADIUS accounts, potentially allowing unauthorized network access or interception of authentication traffic. Altering network settings could disrupt connectivity, redirect traffic, or expose the device to further attacks. Triggering diagnostics might be used to gather sensitive information or cause denial of service. Since the device is likely used in network infrastructure environments, such unauthorized changes could have cascading effects on enterprise or industrial network operations. The requirement for user interaction limits large-scale automated exploitation but targeted attacks against administrators or users with access to the device's web interface remain a significant risk. The absence of known exploits reduces immediate threat but does not eliminate the potential for future attacks. Organizations relying on this device should consider the risk of compromise to confidentiality, integrity, and availability of their network infrastructure.

1. Immediately restrict access to the device's web management interface to trusted networks and users only, using network segmentation and firewall rules. 2. Educate users and administrators to avoid visiting untrusted or suspicious websites while logged into the device's management interface. 3. Implement web browser security measures such as disabling automatic credential submission or using browser extensions that block CSRF attacks. 4. Monitor device configurations regularly for unauthorized changes and maintain detailed logs for forensic analysis. 5. If possible, disable HTTP Basic Authentication in favor of more secure authentication methods or require multi-factor authentication. 6. Contact Shenzhen Hereta Technology for firmware updates or patches addressing this vulnerability and apply them promptly once available. 7. Consider deploying web application firewalls (WAFs) or intrusion prevention systems (IPS) that can detect and block CSRF attack patterns targeting the device. 8. Employ Content Security Policy (CSP) headers and SameSite cookie attributes on management interfaces to reduce CSRF risks if the device supports such configurations.