CVE 9.8 CRITICAL

CVE-2026-38707_CVE-2026-38707

May 28, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.

AI Analysis

Command injection vulnerability in IPSec VPN feature allowing attackers to obtain ROOT privileges

Basic Information

ID CVE-2026-38707

Source mitre

Published May 28, 2026 at 00:00

Modified May 28, 2026 at 17:40

Affected Product

Vendor InHand Networks

Product InHand Networks IR302, IR305, IR315, IR615

Version V3.5.108, V1.0.118, and earlier versions

Affected Versions n/a n/a n/a

CWE Classification

CWE-77

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor InHand Networks

Product InHand Networks IR302, IR305, IR315, IR615

Version V3.5.108, V1.0.118, and earlier versions

References

www.inhand.com /wp-content/uploads/InHand-PSA-2026-05_EN.pdf

{
    "lastseen": "",
    "description": "A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.",
    "published": "2026-05-28T00:00:00.000Z",
    "modified": "2026-05-28T17:40:15.611Z",
    "type": "cve",
    "title": "CVE-2026-38707",
    "source": "mitre",
    "references": "https://www.inhand.com/wp-content/uploads/InHand-PSA-2026-05_EN.pdf",
    "id": "CVE-2026-38707",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "InHand Networks IR302, IR305, IR315, IR615",
    "version": "V3.5.108, V1.0.118, and earlier versions",
    "vendor": "InHand Networks",
    "ai_description": "Command injection vulnerability in IPSec VPN feature allowing attackers to obtain ROOT privileges",
    "ai_severity": "Critical",
    "ai_vendor": "InHand Networks",
    "ai_product": "InHand Networks IR302, IR305, IR315, IR615",
    "ai_version": "V3.5.108, V1.0.118, and earlier versions",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply