A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.
The vulnerability classified as CWE-77 (Improper Neutralization of Special Elements used in a Command) is due to the lack of proper validation or filtering of input data passed to the WireGuard VPN function in InHand Networks device firmware. An attacker can prepare a malicious payload containing system commands that will be executed directly by the device's operating system. The attack vector is network-based (AV:N), requires no authentication (PR:N) and no user interaction (UI:N), making it particularly dangerous in production environments.
Successful exploitation of the vulnerability allows an attacker to gain ROOT privileges on a remote device, meaning complete takeover of control — ability to read and modify configuration, eavesdrop on network traffic, install malicious software, and use the device as an entry point to the internal network.
Apply patches available from the manufacturer in accordance with the references (InHand PSA-2026-05). It is recommended to immediately implement firmware updates and restrict access to device management interfaces only to trusted IP addresses. Until the update is applied, consider disabling the WireGuard VPN function if it is not essential.
InHand Networks IR302 firmware V3.5.108 and earlier, IR305 firmware V1.0.118 and earlier, IR315 firmware V1.0.118 and earlier, IR615 firmware V1.0.118 and earlier.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HInhandnetworks Ir302
HWInhandnetworkswszystkie wersjeInhandnetworks Ir302 Firmware
OSInhandnetworks< 3.5.112Inhandnetworks Ir305
HWInhandnetworkswszystkie wersjeInhandnetworks Ir305 Firmware
OSInhandnetworks< 1.0.121Inhandnetworks Ir315
HWInhandnetworkswszystkie wersjeInhandnetworks Ir315 Firmware
OSInhandnetworks< 1.0.121Inhandnetworks Ir615
HWInhandnetworkswszystkie wersjeInhandnetworks Ir615 Firmware
OSInhandnetworks< 1.0.121
Related vulnerabilities
Command injection w funkcji IPSec VPN urządzeń InHand Networks — dostęp ROOT
Command injection w funkcji ZeroTier VPN urządzeń InHand Networks
Command injection w firmware InHand Networks IR302/IR315/IR615 — dostęp ROOT
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forge...
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping...