CVE 9.8 CRITICAL

CVE-2026-38704_CVE-2026-38704

May 28, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.

AI Analysis

Command injection vulnerability in WireGuard VPN feature

Basic Information

ID CVE-2026-38704

Source mitre

Published May 28, 2026 at 00:00

Modified May 28, 2026 at 17:39

Affected Product

Vendor InHand Networks

Product InHand Networks IR series

Version V3.5.108, V1.0.118 and earlier

Affected Versions n/a n/a n/a

CWE Classification

CWE-77

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Product InHand Networks IR series

Version V3.5.108, V1.0.118 and earlier

References

www.inhand.com /wp-content/uploads/InHand-PSA-2026-05_EN.pdf

{
    "lastseen": "",
    "description": "A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.",
    "published": "2026-05-28T00:00:00.000Z",
    "modified": "2026-05-28T17:39:05.911Z",
    "type": "cve",
    "title": "CVE-2026-38704",
    "source": "mitre",
    "references": "https://www.inhand.com/wp-content/uploads/InHand-PSA-2026-05_EN.pdf",
    "id": "CVE-2026-38704",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "InHand Networks IR series",
    "version": "V3.5.108, V1.0.118 and earlier",
    "vendor": "InHand Networks",
    "ai_description": "Command injection vulnerability in WireGuard VPN feature",
    "ai_severity": "Critical",
    "ai_vendor": "",
    "ai_product": "InHand Networks IR series",
    "ai_version": "V3.5.108, V1.0.118 and earlier",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply