CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-38703

A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.8%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.inhand.com/wp-content/uploads/InHand-PSA-2026-05_EN.pdf

Products affected by CVE-2026-38703

Inhandnetworks » Ir302 » Version: N/A

cpe:2.3:h:inhandnetworks:ir302:-
Inhandnetworks » Ir305 » Version: N/A

cpe:2.3:h:inhandnetworks:ir305:-
Inhandnetworks » Ir315 » Version: N/A

cpe:2.3:h:inhandnetworks:ir315:-
Inhandnetworks » Ir615 » Version: N/A

cpe:2.3:h:inhandnetworks:ir615:-
Inhandnetworks » Ir302 Firmware » Version: 3.5.37

cpe:2.3:o:inhandnetworks:ir302_firmware:3.5.37
Inhandnetworks » Ir302 Firmware » Version: 3.5.4

cpe:2.3:o:inhandnetworks:ir302_firmware:3.5.4
Inhandnetworks » Ir302 Firmware » Version: 3.5.45

cpe:2.3:o:inhandnetworks:ir302_firmware:3.5.45
Inhandnetworks » Ir305 Firmware » Version: Any

cpe:2.3:o:inhandnetworks:ir305_firmware:*
Inhandnetworks » Ir315 Firmware » Version: Any

cpe:2.3:o:inhandnetworks:ir315_firmware:*
Inhandnetworks » Ir615 Firmware » Version: Any

cpe:2.3:o:inhandnetworks:ir615_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-38703

Products

Pricing

Contact Us