CVE Catalog

CVE-2026-38714

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Summary

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

Risk Assessment

This vulnerability poses a serious security risk as it allows attackers full access to the system, potentially leading to data and service compromise.

Recommendation

It is recommended to update the devices to the latest software version to mitigate this vulnerability and implement additional security measures such as monitoring and access restrictions.

Original NVD description (English source)

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS