VYPR
Vendor

InHand Networks

Products
16
CVEs
65
Across products
102
Status
Private

Products

16

Recent CVEs

65
View all 65 CVEs →
  • CVE-2026-38707CriMay 28, 2026
    risk 0.64cvss 9.8epss 0.01

    A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on…

  • CVE-2026-38704CriMay 28, 2026
    risk 0.64cvss 9.8epss 0.01

    A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges…

  • CVE-2026-38703CriMay 28, 2026
    risk 0.64cvss 9.8epss 0.01

    A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on…

  • CVE-2026-38702CriMay 28, 2026
    risk 0.64cvss 9.8epss 0.01

    A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on…

  • CVE-2022-26518May 12, 2022
    risk 0.01cvss epss 0.05

    An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this…

  • CVE-2022-26420May 12, 2022
    risk 0.01cvss epss 0.06

    An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this…

  • CVE-2022-26075May 12, 2022
    risk 0.01cvss epss 0.06

    An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this…

  • CVE-2022-26002May 12, 2022
    risk 0.01cvss epss 0.03

    A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this…

  • CVE-2026-38715Jun 18, 2026
    risk 0.00cvss epss 0.01

    InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

  • CVE-2026-38714Jun 18, 2026
    risk 0.00cvss epss 0.01

    InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a…

  • CVE-2026-38718Jun 18, 2026
    risk 0.00cvss epss 0.00

    InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a buffer overflow vulnerability in the device registration function. This vulnerability could allow an attacker to cause a denial of service attack on the remote…

  • CVE-2026-38716Jun 18, 2026
    risk 0.00cvss epss 0.01

    InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a…

  • CVE-2026-38717Jun 18, 2026
    risk 0.00cvss epss 0.01

    InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the file upload function. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

  • CVE-2023-22601Jan 12, 2023
    risk 0.00cvss epss 0.01

    InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could…

  • CVE-2023-22600Jan 12, 2023
    risk 0.00cvss epss 0.00

    InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device…

  • CVE-2023-22599Jan 12, 2023
    risk 0.00cvss epss 0.00

    InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They  send MQTT credentials in response to HTTP/HTTPS requests from the…

  • CVE-2023-22598Jan 12, 2023
    risk 0.00cvss epss 0.02

    InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). An unauthorized user with…

  • CVE-2023-22597Jan 12, 2023
    risk 0.00cvss epss 0.01

    InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by…

  • CVE-2022-30543Nov 9, 2022
    risk 0.00cvss epss 0.01

    A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this…

  • CVE-2022-29888Nov 9, 2022
    risk 0.00cvss epss 0.01

    A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability.