cbcvebase.
CVE-2026-38716
published 2026-06-18

CVE-2026-38716: InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the…

PriorityP265critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.32%
67.2th percentile
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

Affected

2 ranges
VendorProductVersion rangeFixed in
inhandnetworksir912l-fq58_firmware< 1.0.0.r200441.0.0.r20044
inhandnetworksir915l-fq39-s_firmware< 1.0.0.r200441.0.0.r20044
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.