9.8
CVE-2026-38707
- EPSS 1.24%
- Veröffentlicht 28.05.2026 00:00:00
- Zuletzt bearbeitet 29.05.2026 14:08:41
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Inhandnetworks ≫ Ir315 Firmware Version < 1.0.121
Inhandnetworks ≫ Ir302 Firmware Version < 3.5.112
Inhandnetworks ≫ Ir615 Firmware Version < 1.0.121
Inhandnetworks ≫ Ir305 Firmware Version < 1.0.121
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.24% | 0.653 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
https://www.inhand.com/wp-content/uploads/InHand-PSA-2026-05_EN.pdf