CRITICAL🇵🇱 Wersja polska

CVE-2026-38703

CVSS 9.8v3.1pub. 2026-05-28upd. 2026-05-29

A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Inhandnetworks Ir302

    HW
    Inhandnetworks
    wszystkie wersje
  • Inhandnetworks Ir302 Firmware

    OS
    Inhandnetworks
    < 3.5.112
  • Inhandnetworks Ir305

    HW
    Inhandnetworks
    wszystkie wersje
  • Inhandnetworks Ir305 Firmware

    OS
    Inhandnetworks
    < 1.0.121
  • Inhandnetworks Ir315

    HW
    Inhandnetworks
    wszystkie wersje
  • Inhandnetworks Ir315 Firmware

    OS
    Inhandnetworks
    < 1.0.121
  • Inhandnetworks Ir615

    HW
    Inhandnetworks
    wszystkie wersje
  • Inhandnetworks Ir615 Firmware

    OS
    Inhandnetworks
    < 1.0.121
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
VPN
CWE
References

Related vulnerabilities

CVE-2026-38707CRITICAL9.8PL ✓ten sam produkt

Command injection w funkcji IPSec VPN urządzeń InHand Networks — dostęp ROOT

CVE-2026-38704CRITICAL9.8PL ✓ten sam produkt

Command injection w funkcji WireGuard VPN urządzeń InHand Networks

CVE-2026-38702CRITICAL9.8PL ✓ten sam produkt

Command injection w firmware InHand Networks IR302/IR315/IR615 — dostęp ROOT

CVE-2021-38480CRITICAL9.6ten sam produkt

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forge...

CVE-2021-38470CRITICAL9.1ten sam produkt

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping...