CVE-2026-38704
Received
Received - Intake
Command Injection in InHand Networks IR Series Firmware
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: MITRE
Description
Description
A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| inhand_networks | ir302 | 3.5.108 |
| inhand_networks | ir305 | 1.0.118 |
| inhand_networks | ir315 | 1.0.118 |
| inhand_networks | ir615 | to 3.5.108 (exc) |
| inhand_networks | ir615 | to 1.0.118 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70