cvedb.io
CVE-2026-38702
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2026-05-28T17:16:21.177 · Last modified 2026-06-17T10:41:45.073

Summary

A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.

Affected products

inhandnetworks — ir315_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when inhandnetworks ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.