CVE-2026-38718
Analyzed Analyzed - Analysis Complete

Buffer Overflow in InHand Networks IR912 and IR915 Devices

Vulnerability report for CVE-2026-38718, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-18

Last updated on: 2026-06-22

Assigner: MITRE

Description

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a buffer overflow vulnerability in the device registration function. This vulnerability could allow an attacker to cause a denial of service attack on the remote target device.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-18
Last Modified
2026-06-22
Generated
2026-07-09
AI Q&A
2026-06-18
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
inhandnetworks ir915l-fq39-s_firmware to 1.0.0.r20044 (exc)
inhandnetworks ir912l-fq58_firmware to 1.0.0.r20044 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability exists in InHand Networks IR912 and IR915 devices, specifically in the device registration function. It is a buffer overflow vulnerability, which means that an attacker can exploit it by sending data that exceeds the buffer's capacity, potentially causing unexpected behavior.

This vulnerability could allow an attacker to cause a denial of service (DoS) attack on the affected device, making it unavailable or unresponsive.

Impact Analysis

This vulnerability can impact you by allowing an attacker to perform a denial of service attack on your InHand Networks IR912 or IR915 device. This means the device could become unresponsive or unavailable, potentially disrupting network operations or services that depend on the device.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-38718. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart