A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, …

A command injection vulnerability exists in the IPSec VPN feature of multiple InHand Networks router models including IR302, IR305, IR315, and IR615. The vulnerability affects firmware versions V3.5.108 and V1.0.118 and earlier versions respectively. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices. The vulnerability represents a critical security risk as it allows complete system compromise through remote command execution. The affected devices are industrial routers commonly used in network infrastructure deployments.