216.73.216.233

CVE-2026-38703

· Published 28/05/2026 17:16 · Modified 29/05/2026 14:09

Labels: CVE-2026-38703 2026-05-28CVE-2026-38703CWE-77[email protected]

Essential information

Published
28/05/2026 17:16
Modified
29/05/2026 14:09
Author
Creator
CVSS
9.8 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
inhandnetworks / ir315 firmware cpe:2.3:o:inhandnetworks:ir315_firmware:*:*:*:*:*:*:*:*
inhandnetworks / ir315 cpe:2.3:h:inhandnetworks:ir315:-:*:*:*:*:*:*:*
inhandnetworks / ir302 firmware cpe:2.3:o:inhandnetworks:ir302_firmware:*:*:*:*:*:*:*:*
inhandnetworks / ir302 cpe:2.3:h:inhandnetworks:ir302:-:*:*:*:*:*:*:*
inhandnetworks / ir615 firmware cpe:2.3:o:inhandnetworks:ir615_firmware:*:*:*:*:*:*:*:*
inhandnetworks / ir615 cpe:2.3:h:inhandnetworks:ir615:-:*:*:*:*:*:*:*
inhandnetworks / ir305 firmware cpe:2.3:o:inhandnetworks:ir305_firmware:*:*:*:*:*:*:*:*
inhandnetworks / ir305 cpe:2.3:h:inhandnetworks:ir305:-:*:*:*:*:*:*:*

References