PatchSiren

InHand Networks CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH InHand Networks CVE published 2026-06-18

CVE-2026-38718

A buffer overflow vulnerability was discovered in InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042, including earlier versions, in the device registration function. This vulnerability could allow an attacker to cause a denial of service attack on the remote target device. The affected devices are widely used in various industries, and security teams should prioritize patching to prevent potenti [truncated]

CRITICAL InHand Networks CVE published 2026-06-18

CVE-2026-38717

CVE-2026-38717 is a command injection vulnerability in InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042, including earlier versions. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input in the file upload function. This vulnerability has a high impact on the affected systems, and security teams should prioritize patching to prevent potential exploitation.

CRITICAL InHand Networks CVE published 2026-06-18

CVE-2026-38716

CVE-2026-38716 is a command injection vulnerability in the Python application export function of InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042, including earlier versions. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input. The vulnerability has a CVSS score of 9.8 and is considered CRITICAL. Affected product deployments should be identified [truncated]

CRITICAL InHand Networks CVE published 2026-06-18

CVE-2026-38714

CVE-2026-38714 is a critical command injection vulnerability in InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input. The CVE record was published on 2026-06-18T17:16:30.107Z and was last modified on 2026-06-22T17:47:33.733Z. This vulnerability has a CVSS score of 9.8, indicating a critical severity [truncated]

CRITICAL InHand Networks CVE published 2026-05-28

CVE-2026-38707

A critical command injection vulnerability in the IPSec VPN feature of multiple InHand Networks industrial router firmware versions allows unauthenticated remote attackers to execute arbitrary commands with ROOT privileges. The vulnerability affects IR302 (V3.5.108 and earlier), IR305, IR315, and IR615 (all V1.0.118 and earlier). The CVSS 3.1 score of 9.8 reflects network attack vector, low complexity, no [truncated]

CRITICAL InHand Networks CVE published 2026-05-28

CVE-2026-38704

A critical command injection vulnerability exists in the WireGuard VPN feature of multiple InHand Networks industrial router firmware versions. The vulnerability allows unauthenticated remote attackers to execute arbitrary commands with ROOT privileges. Affected products include IR302 (V3.5.108 and earlier), IR305 (V1.0.118 and earlier), IR315 (V1.0.118 and earlier), and IR615 (V1.0.118 and earlier). The [truncated]

CRITICAL InHand Networks CVE published 2026-05-28

CVE-2026-38703

A critical command injection vulnerability in the ZeroTier VPN feature of InHand Networks industrial routers allows unauthenticated remote attackers to execute arbitrary commands with ROOT privileges. The vulnerability affects IR302 (V3.5.108 and earlier), IR305, IR315, and IR615 (all V1.0.118 and earlier). The CVSS 3.1 score of 9.8 reflects network attack vector, low complexity, no privileges required, a [truncated]

CRITICAL InHand Networks CVE published 2026-05-28

CVE-2026-38702

A critical command injection vulnerability in InHand Networks industrial router firmware allows unauthenticated remote attackers to obtain root privileges. The vulnerability resides in the Admin Access feature of multiple IR-series router models. Affected firmware versions include IR302 V3.5.108, IR305 V1.0.118, IR315 V1.0.118, IR615 V1.0.118, and earlier releases. The CVSS 3.1 score of 9.8 reflects netwo [truncated]