top of page
perceptive_background_267k.jpg

A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.1…

Published:

27 May 2026 at 22:00:00

Alert date:

28 May 2026 at 19:09:38

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Mobile & IoT

A command injection vulnerability exists in the WireGuard VPN feature of multiple InHand Networks router models including IR302, IR305, IR315, and IR615. The vulnerability affects firmware versions V3.5.108 for IR302 and V1.0.118 for IR305/IR315/IR615 and earlier. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices. This represents a critical security flaw as it allows complete system compromise through remote exploitation. The vulnerability impacts industrial routers commonly used in network infrastructure deployments.

Technical details

Mitigation steps:

Affected products:

InHand Networks IR302
InHand Networks IR305
InHand Networks IR315
InHand Networks IR615

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-38704
https://www.inhand.com/wp-content/uploads/InHand-PSA-2026-05_EN.pdf

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page