top of page
perceptive_background_267k.jpg

A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.11…

Published:

27 May 2026 at 22:00:00

Alert date:

28 May 2026 at 19:09:38

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Mobile & IoT

A critical command injection vulnerability affects the Admin Access feature of multiple InHand Networks IR series devices including IR302, IR305, IR315, and IR615 models. The vulnerability exists in firmware versions V3.5.108 for IR302 and V1.0.118 for IR305, IR315, and IR615, as well as earlier versions. Attackers can exploit this flaw to gain ROOT privileges on remote target devices. This represents a high-severity security issue that could allow complete system compromise. The vulnerability affects industrial router devices commonly used in network infrastructure.

Technical details

Mitigation steps:

Affected products:

InHand Networks IR302
InHand Networks IR305
InHand Networks IR315
InHand Networks IR615

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-38702
https://www.inhand.com/wp-content/uploads/InHand-PSA-2026-05_EN.pdf

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page