CVE Catalog

CVE-2026-38715

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Summary

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

Risk Assessment

This vulnerability poses a serious security risk as it allows attackers to gain control over the device and perform unauthorized actions.

Recommendation

It is recommended to update the devices to the latest software version to mitigate this vulnerability and implement additional security measures such as log monitoring and restricting access to the log viewing function.

Original NVD description (English source)

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS