CVE-2026-38714
CriticalCVSS 9.8Summary
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.
Risk Assessment
This vulnerability poses a serious security risk as it allows attackers full access to the system, potentially leading to data and service compromise.
Recommendation
It is recommended to update the devices to the latest software version to mitigate this vulnerability and implement additional security measures such as monitoring and access restrictions.
Original NVD description (English source)
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

