PatchSiren cyber security CVE debrief
CVE-2026-38704 InHand Networks CVE debrief
A critical command injection vulnerability exists in the WireGuard VPN feature of multiple InHand Networks industrial router firmware versions. The vulnerability allows unauthenticated remote attackers to execute arbitrary commands with root privileges. Affected products include IR302 (V3.5.108 and earlier), IR305 (V1.0.118 and earlier), IR315 (V1.0.118 and earlier), and IR615 (V1.0.118 and earlier). The CVSS 3.1 score of 9.8 reflects a network attack vector, low attack complexity, no required privileges or user interaction, and high impact to confidentiality, integrity, and availability. The vulnerability was disclosed via a vendor security advisory on May 28, 2026.
- Vendor: InHand Networks
- Product: IR302, IR305, IR315, IR615 Industrial Routers (firmware versions V3.5.108 and earlier for IR302; V1.0.118 and earlier for IR305, IR315, IR615)
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-28
- Original CVE updated: 2026-05-29
- Advisory published: 2026-05-28
- Advisory updated: 2026-05-29
Who should care
Industrial control system operators, critical infrastructure security teams, manufacturing network administrators, telecommunications providers using InHand cellular routers, and organizations with remote site connectivity dependent on affected InHand device models.
Technical summary
The vulnerability resides in the WireGuard VPN configuration handling of InHand Networks industrial router firmware. Insufficient input sanitization allows command injection through the VPN feature interface. Successful exploitation grants attackers complete administrative control over affected devices with root privileges, enabling lateral movement, persistent access, and potential disruption of industrial control system operations. The attack requires no authentication and can be conducted remotely over the network.
Defensive priority
critical
Recommended defensive actions
- Immediately inventory all InHand Networks IR302, IR305, IR315, and IR615 devices and identify firmware versions
- Apply patched firmware versions as specified in the vendor security advisory when available
- If patching is not immediately possible, restrict network access to WireGuard VPN management interfaces to trusted administrative hosts only
- Monitor for anomalous command execution or privilege escalation attempts on affected devices
- Review device logs for indicators of compromise, particularly unauthorized root-level activity
- Segment affected industrial routers from critical operational technology networks pending remediation
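For the inventory step, the following added example (not taken from the vendor advisory or from this debrief's source) triages an asset list against the affected version ceilings stated above. The CSV layout, hostnames, and the OTHER-RTR model are constructed for illustration; versions are compared numerically because a string comparison would wrongly rank V1.0.99 above V1.0.118.

```python
import csv
import io
import re

# Highest affected firmware per model, as stated in this debrief.
AFFECTED_MAX = {
    "IR302": (3, 5, 108),
    "IR305": (1, 0, 118),
    "IR315": (1, 0, 118),
    "IR615": (1, 0, 118),
}
VERSION_RE = re.compile(r"^[Vv]?(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return (major, minor, build) or None if the string is not Vx.y.z."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(model, firmware):
    limit = AFFECTED_MAX.get(model.strip().upper())
    if limit is None:
        return "not-in-scope"
    version = parse_version(firmware)
    if version is None:
        return "unknown-version"  # handle as affected until checked by hand
    # "Above range" only means outside the affected range listed here;
    # confirm the fixed release against the vendor advisory.
    return "affected" if version <= limit else "above-affected-range"

def triage(inventory_csv):
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], classify(r["model"], r["firmware"])) for r in rows]

# Constructed sample inventory (assumed columns: host, model, firmware).
SAMPLE = """host,model,firmware
site-a-gw,IR302,V3.5.108
site-b-gw,IR302,V3.5.120
plant-1,IR615,V1.0.99
plant-2,IR315,v1.0.118
depot-1,IR305,V1.1.2
lab-1,OTHER-RTR,V2.0.1
depot-2,IR615,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host:10} {status}")
```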
Evidence notes
Vulnerability confirmed through official vendor security advisory (InHand PSA 2026-05) and NVD entry. CWE-77 (Command Injection) identified as root cause. Vendor attribution based on reference domain evidence with low confidence; product and version enumeration derived from CVE description and vendor advisory reference.
Official resources
- CVE-2026-38704 CVE record (CVE.org)
- CVE-2026-38704 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 2026-05-28