top of page
perceptive_background_267k.jpg

A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.11…

Published:

27 May 2026 at 22:00:00

Alert date:

28 May 2026 at 20:05:25

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Mobile & IoT

A critical command injection vulnerability exists in the Admin Access feature of multiple InHand Networks router models including IR302, IR305, IR315, and IR615. The vulnerability affects firmware versions V3.5.108 for IR302 and V1.0.118 for IR305, IR315, and IR615, along with earlier versions. Attackers can exploit this vulnerability to gain ROOT privileges on remote target devices. This represents a significant security risk for network infrastructure as it allows complete system compromise. The vulnerability is classified as high severity due to the potential for complete device takeover.

Technical details

Mitigation steps:

Affected products:

InHand Networks IR302
InHand Networks IR305
InHand Networks IR315
InHand Networks IR615

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-38702
https://www.inhand.com/wp-content/uploads/InHand-PSA-2026-05_EN.pdf

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page