CVE-2026-38717
CriticalCVSS 9.8Summary
In InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions), a command injection vulnerability was discovered in the file upload function. This vulnerability allows remote attackers to execute arbitrary commands as root via crafted input.
Risk Assessment
Organizations using these devices are exposed to remote attacks that could lead to system takeover. Exploitation of this vulnerability may result in serious data security consequences.
Recommendation
It is recommended to update the devices to the latest software version that addresses this vulnerability. Additionally, implementing appropriate security measures to restrict access to the file upload function is advisable.
Original NVD description (English source)
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the file upload function. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

