CVE-2026-38715
CriticalCVSS 9.8Summary
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.
Risk Assessment
This vulnerability poses a serious security risk as it allows attackers to gain control over the device and perform unauthorized actions.
Recommendation
It is recommended to update the devices to the latest software version to mitigate this vulnerability and implement additional security measures such as log monitoring and restricting access to the log viewing function.
Original NVD description (English source)
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

