9.8
CVE-2026-38707: InHand Networks IR302, IR305, IR315, IR615 firmware command injection risk: unauthorized root access
CVE-2026-38707
Summary
The IPSec VPN feature in InHand Networks IR302, IR305, IR315, and IR615 firmware contains a command injection vulnerability that lets attackers run commands on a remote device and obtain root privileges. This is a serious risk because it can allow unauthorized access to your device and the data it handles. To protect your device, update the firmware to the latest version.
Original title
A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier ...
Original description
A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.
Vulnerability type
CWE-77
Command Injection
Published: 28 May 2026 · Updated: 31 May 2026 · First seen: 28 May 2026