CVE-2026-38702
Command Injection in InHand Networks IR30x Firmware
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| inhand_networks | ir302 | to 3.5.108 (exc) |
| inhand_networks | ir305 | to 1.0.118 (exc) |
| inhand_networks | ir315 | to 1.0.118 (exc) |
| inhand_networks | ir615 | to 1.0.118 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a command injection flaw found in the Admin Access feature of certain InHand Networks devices running specific firmware versions. It allows attackers to execute arbitrary commands on the device remotely.
By exploiting this vulnerability, attackers can gain ROOT privileges on the affected devices, meaning they can take full control over the system.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to gain full administrative (ROOT) access to the affected device remotely.
This could lead to unauthorized control over the device, potentially allowing the attacker to manipulate device functions, access sensitive data, disrupt operations, or use the device as a foothold for further attacks within a network.