PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-38714 InHand Networks CVE debrief

CVE-2026-38714 is a critical command injection vulnerability in InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input. The CVE record was published on 2026-06-18T17:16:30.107Z and was last modified on 2026-06-22T17:47:33.733Z. This vulnerability has a CVSS score of 9.8, indicating a critical severity level. Security teams responsible for InHand Networks IR912 and IR915 devices should prioritize patching this vulnerability to prevent potential exploitation. The vulnerability is caused by a command injection issue in the Python configuration function of InHand Networks IR912 and IR915 devices.

Vendor
InHand Networks
Product
IR912 and IR915
CVSS
CRITICAL 9.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-18
Original CVE updated
2026-06-22
Advisory published
2026-06-18
Advisory updated
2026-06-22

Who should care

Security teams responsible for InHand Networks IR912 and IR915 devices should prioritize patching this vulnerability to prevent potential exploitation. The vulnerability has a critical severity level, with a CVSS score of 9.8. Teams should conduct thorough inventory checks to identify affected devices and implement compensating controls to limit exposure. Monitoring device logs and network traffic for suspicious activity is also recommended.

Technical summary

The vulnerability is caused by a command injection issue in the Python configuration function of InHand Networks IR912 and IR915 devices. This allows remote attackers to execute arbitrary commands as root. The CVSS score for this vulnerability is 9.8, indicating a critical severity level. The vulnerability can be exploited via a crafted input, and security teams should prioritize patching to prevent potential exploitation. The affected devices are IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042.

Defensive priority

High

Recommended defensive actions

  • Apply patches or updates provided by InHand Networks to address the vulnerability
  • Conduct thorough inventory checks to identify affected devices
  • Implement compensating controls, such as network segmentation or access restrictions, to limit exposure
  • Monitor device logs and network traffic for suspicious activity
  • Consider vulnerability scanning and penetration testing to identify potential weaknesses
  • Review and verify the integrity of device configurations
  • Track exceptions and retest remediated assets

Evidence notes

The advisory PDF from InHand Networks explicitly lists the IR912 and IR915 devices as affected. The CVE record and NVD entry provide additional details about the vulnerability. Evidence from InHand Networks indicates that the vulnerability is caused by a command injection issue in the Python configuration function. The vendor advisory provides mitigation guidance and recommends applying patches or updates to address the vulnerability. Further verification is needed to confirm affected product deployments and assess potential exposure.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-18T17:16:30.107Z and has not been modified since then.