CVE-2026-38716
CriticalCVSS 9.8Summary
In InHand Networks devices IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions), a command injection vulnerability was discovered in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via crafted input.
Risk Assessment
This vulnerability poses a serious security risk as it allows attackers to remotely take control of the device with administrator privileges. This could lead to unauthorized access to data and potential damage to network infrastructure.
Recommendation
It is recommended to update the devices to the latest software version to eliminate this vulnerability. Additionally, implementing appropriate security measures such as input filtering and network activity monitoring is advisable.
Original NVD description (English source)
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

