How is CVE-2026-38702 exploited?

Network reachability (required): The vulnerable Admin Access interface is exposed over the network, so an attacker must be able to reach the device's admin endpoint to exploit it. Authentication (not-required): No credentials of any kind are required; the vulnerability is exploitable by an unauthenticated remote attacker. Victim interaction (not-required): No user action on the target device is needed; the attacker sends a crafted request directly without any social-engineering step. Attack complexity (info): Attack complexity is low, meaning the exploit is reliable and imposes no special preconditions such as race conditions or non-default configuration.

What is the impact of CVE-2026-38702?

A successful attacker gains root-level command execution on the affected InHand Networks device, giving full control over the operating system and all running processes. The attacker can read all data stored or passing through the device, including network credentials, VPN keys, and any configuration secrets held in firmware. The attacker can modify device configuration, routing tables, firewall rules, or firmware, enabling persistent backdoors or traffic interception. The attacker can crash or reboot the device at will, disrupting network connectivity for any infrastructure that depends on it.

Back to search

CRITICALCVE-2026-38702Published 2026-05-28Modified 2026-05-28CNA mitre

CVE-2026-38702: A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3

A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.

HarborGuard Analysis

HarborGuard analysis

Synopsis

A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302, IR305, IR315, and IR615 router firmware. The flaw is reachable over the network with no authentication required and no user interaction needed, meaning any attacker who can reach the device's admin interface can send a crafted request. Successful exploitation gives the attacker root-level command execution on the affected device. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment an upstream fix is published.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images and pipeline artifacts, including custom-built firmware-derived images that package InHand Networks IR302, IR305, IR315, or IR615 firmware components. Coverage applies to both registry scans and in-pipeline builds.

Available

Triage

HarborGuard is capable of scoring this finding at CVSS 9.8 (Critical) and weighting it against each environment's compliance policy to determine urgency and escalation path. Triage routing can deliver the finding to the appropriate team inbox within each customer organization based on configured ownership rules.

Available

Patch

Because no fix version has been published upstream, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment InHand Networks ships a remediated firmware version. In the interim, compensating controls can be applied at the policy layer as described in the recommendation below.

Pending upstream

Exploit Conditions

Network reachabilityRequired
The vulnerable Admin Access interface is exposed over the network, so an attacker must be able to reach the device's admin endpoint to exploit it.
AuthenticationNot required
No credentials of any kind are required; the vulnerability is exploitable by an unauthenticated remote attacker.
Victim interactionNot required
No user action on the target device is needed; the attacker sends a crafted request directly without any social-engineering step.
Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and imposes no special preconditions such as race conditions or non-default configuration.

Blast Radius

A successful attacker gains root-level command execution on the affected InHand Networks device, giving full control over the operating system and all running processes.
The attacker can read all data stored or passing through the device, including network credentials, VPN keys, and any configuration secrets held in firmware.
The attacker can modify device configuration, routing tables, firewall rules, or firmware, enabling persistent backdoors or traffic interception.
The attacker can crash or reboot the device at will, disrupting network connectivity for any infrastructure that depends on it.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix exists for CVE-2026-38702 at this time, the platform monitors the InHand Networks advisory on every ingest cycle and will trigger a patched-image rebuild automatically once a remediated firmware version is published. For environments with auto-remediation enabled, that rebuild will be followed by a regression test run and a PR opened against affected workloads without manual intervention. While waiting for an upstream patch, customers can apply compensating controls through HarborGuard policy: network-policy isolation rules can restrict access to the device admin interface to explicitly trusted source addresses only, and egress filtering can limit the blast radius if a device is compromised. For container images that bundle or reference InHand Networks IR302, IR305, IR315, or IR615 firmware, feature-flag gating on the Admin Access interface should be evaluated as an interim measure. The finding is already surfaced at Critical severity in the HarborGuard dashboard for any environment where a matching image is present.

See how HarborGuard automates this

CVSS v3.1: 9.8
Severity: CRITICAL
Fixed in: —
Affected Products: 1

Affected packages

n/a / n/a
n/a

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

inhand.com