CVE Catalog

CVE-2026-38717

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Summary

In InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions), a command injection vulnerability was discovered in the file upload function. This vulnerability allows remote attackers to execute arbitrary commands as root via crafted input.

Risk Assessment

Organizations using these devices are exposed to remote attacks that could lead to system takeover. Exploitation of this vulnerability may result in serious data security consequences.

Recommendation

It is recommended to update the devices to the latest software version that addresses this vulnerability. Additionally, implementing appropriate security measures to restrict access to the file upload function is advisable.

Original NVD description (English source)

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the file upload function. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS