What is the CVSS score of CVE-2026-38707?

CVE-2026-38707 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Which versions of InHand IR-series Routers are affected by CVE-2026-38707?

InHand Networks industrial cellular routers (IR302, IR305, IR315, IR615) contain a critical vulnerability enabling unauthenticated remote code execution as root via the IPSec VPN feature, affecting…

InHand IR-series Routers CVE-2026-38707

CRITICAL

Command Injection (CWE-77)

2026-05-28 mitre

Command Injection N A

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 28, 2026 - 19:22 vuln.today

CVSS changed

May 28, 2026 - 18:22 NVD

9.8 (CRITICAL)

CVE Published

May 28, 2026 - 00:00 nvd

UNKNOWN (no severity yet)

DescriptionNVD

A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.

AnalysisAI

Remote code execution as root in InHand Networks industrial cellular routers (IR302, IR305, IR315, IR615) allows unauthenticated network attackers to inject operating system commands through the IPSec VPN feature. The CVSS 9.8 score reflects network-reachable, low-complexity, unauthenticated exploitation with full confidentiality, integrity, and availability impact. …

RemediationAI

Within 24 hours: inventory all InHand Networks routers (IR302, IR305, IR315, IR615 models) in production, isolate affected units from untrusted networks, and restrict IPSec VPN access to trusted IP address ranges only. Within 7 days: implement network segmentation to limit lateral movement from compromised routers and deploy network-based monitoring on all IPSec traffic to these devices. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-38707 vulnerability details – vuln.today

Back

InHand IR-series Routers CVE-2026-38707

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code