Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
CVE-2026-38704: WireGuard VPN flaw in InHand Networks firmware: unauthorized access
CVE-2026-38704
Summary
A security issue in InHand Networks IR302, IR305, IR315, and IR615 firmware versions allows attackers to gain control over devices connected to the VPN. This could lead to unauthorized access and data breaches. InHand Networks should be contacted to obtain a secure firmware update.
Original title
A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earl...
Original description
A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.
Vulnerability type
CWE-77
Command Injection
Published: 28 May 2026 · Updated: 31 May 2026 · First seen: 28 May 2026