The vulnerability CVE-2026-29521 affects the Shenzhen Hereta Technology Co., Ltd. ETH-IMC408M device, specifically firmware version 1.0.15 and earlier. It is a Cross-Site Request Forgery (CSRF) vulnerability classified under CWE-352. The root cause is the absence of CSRF protections in the setup.cgi web interface, which is responsible for device configuration. Because the device uses HTTP Basic Authentication, browsers automatically include credentials with requests to the device's interface. An attacker can exploit this by hosting a malicious webpage that, when visited by an authenticated user, silently submits forged requests to the device. These requests can modify critical device settings such as adding RADIUS accounts, altering network configurations, or triggering diagnostic functions. The vulnerability requires no prior authentication or privileges but does require the victim to interact with the attacker's webpage. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:A), no confidentiality or availability impact, and low integrity impact (VI:L). No patches or known exploits are currently available, and the vulnerability was published on March 16, 2026.

The impact of this vulnerability is significant for organizations relying on the Hereta ETH-IMC408M device for network management and authentication services. Successful exploitation can lead to unauthorized changes in device configuration, potentially compromising network security by adding rogue RADIUS accounts or altering network parameters. This could facilitate unauthorized network access, interception of sensitive data, or disruption of network services. Although the vulnerability does not directly impact confidentiality or availability, the integrity of device configurations is at risk, which can have cascading effects on network security posture. The requirement for user interaction limits mass exploitation but targeted attacks against administrators or users with access to the device's web interface are plausible. Organizations with these devices in critical network segments or those managing sensitive authentication infrastructure are at higher risk.

To mitigate this vulnerability, organizations should implement the following specific measures: 1) Immediately restrict access to the device's web interface to trusted networks and users only, using network segmentation and firewall rules. 2) Disable HTTP Basic Authentication if possible or replace it with more secure authentication methods that include CSRF protections. 3) Employ web application firewalls (WAFs) or intrusion prevention systems (IPS) to detect and block suspicious CSRF attack patterns targeting the device. 4) Educate users and administrators about the risks of visiting untrusted websites while authenticated to network devices. 5) Monitor device configuration changes and logs for unauthorized modifications. 6) Contact Shenzhen Hereta Technology for firmware updates or patches addressing this vulnerability and apply them promptly once available. 7) Consider implementing multi-factor authentication (MFA) on management interfaces if supported. These steps go beyond generic advice by focusing on access control, user awareness, and proactive monitoring tailored to the device's environment.