How is CVE-2026-38715 exploited?

Network reachability (required): The attacker must reach the device's log viewing interface over the network; no physical or local access is needed. Authentication (not-required): No credentials are required; the vulnerable log viewing function is reachable without logging in. Victim interaction (not-required): The attacker sends a crafted request directly to the device; no user action is needed to trigger the injection. Attack complexity (info): Exploitation is reliable and condition-free; no race conditions, special memory layout, or environmental prerequisites are required.

What is the impact of CVE-2026-38715?

The attacker executes arbitrary commands as root, gaining full administrative control of the router's operating system. All data stored on the device (logs, credentials, VPN keys, configuration files) is readable by the attacker. The attacker can modify routing tables, firewall rules, and interface configuration, redirecting or blocking network traffic. The device can be crashed or rebooted at will, disrupting all network services the router provides.

Back to search

CRITICALCVE-2026-38715Published 2026-06-18Modified 2026-06-18CNA mitre

CVE-2026-38715: InHand Networks IR912 V1

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

CVSS v3.1: 9.8
Severity: CRITICAL
Fixed in: —
Affected Products: 1

HarborGuard Analysis

Synopsis

Command injection in InHand Networks IR912 and IR915 industrial routers (firmware V1.0.0.r20042 and earlier) allows a remote attacker with no authentication to execute arbitrary operating system commands as root. The vulnerability sits in the log viewing function, which fails to sanitize user-supplied input before passing it to a system shell. Successful exploitation gives the attacker full control of the device, including the ability to read all stored data, modify configuration, and disrupt routing services. HarborGuard is tracking the advisory and will make a patched-image rebuild available the moment an upstream fix is published.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in registries and CI/CD pipelines, including custom-built images derived from affected firmware versions.

Available

Triage

HarborGuard scores this CVE at 9.8 CRITICAL using the CVSS v3.1 vector and weights it against each customer organization's compliance policy, routing findings to the appropriate team inbox automatically.

Available

Patch

Because no fix version has been published upstream, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment the vendor ships a remediated firmware release. Customers with auto-remediation enabled will receive a rebuilt image, a regression-test run, and a pull request opened against affected workloads as soon as that rebuild becomes available.

Pending upstream

Exploit Conditions

Network reachabilityRequired
The attacker must reach the device's log viewing interface over the network; no physical or local access is needed.
AuthenticationNot required
No credentials are required; the vulnerable log viewing function is reachable without logging in.
Victim interactionNot required
The attacker sends a crafted request directly to the device; no user action is needed to trigger the injection.
Attack complexityDetail
Exploitation is reliable and condition-free; no race conditions, special memory layout, or environmental prerequisites are required.

Blast Radius

The attacker executes arbitrary commands as root, gaining full administrative control of the router's operating system.
All data stored on the device (logs, credentials, VPN keys, configuration files) is readable by the attacker.
The attacker can modify routing tables, firewall rules, and interface configuration, redirecting or blocking network traffic.
The device can be crashed or rebooted at will, disrupting all network services the router provides.

How HarborGuard Handles This

Available on HarborGuard: this CVE is flagged at CRITICAL severity and matched against any customer images derived from or bundling affected InHand Networks IR912/IR915 firmware. Because no upstream fix exists yet, HarborGuard monitors the advisory on every ingest cycle and will trigger a patched-image rebuild and (for customers with auto-remediation enabled) a regression-test run plus a pull request against affected workloads the moment the vendor publishes a remediated release. In the interim, compensating controls to consider include network-policy isolation that restricts inbound access to the log viewing interface, egress filtering to limit lateral movement if the device is compromised, and disabling the log viewing function via feature-flag or ACL if the router firmware permits it. Customers can set alert thresholds so any image match on this CVE escalates immediately regardless of standard triage cadence.

See how HarborGuard automates this

Affected packages

n/a / n/a
n/a

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

inhand.com

Metrics

Get notified