VYPR
Critical severity9.8NVD Advisory· Published May 28, 2026· Updated May 29, 2026

CVE-2026-38703

CVE-2026-38703

Description

A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.

Affected products

7

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.