CVE-2026-38714

CRITICAL NVD

CVSS Score 9.8

Severity CRITICAL

Published Jun 18, 2026

Vendor unknown

Description

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

References

https://www.inhand.com/wp-content/uploads/2026/06/InHand-PSA-2026-06_EN.pdf