CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added last week•6 views

CVE-2026-38703

A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

9.8CVSS0.00244EPSS

NVD•added last week•6 views

CVE-2026-38702

A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

9.8CVSS0.00244EPSS

ATTACKERKB•added last week•7 views

CVE-2026-24444

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints mgmt.php, npcmd.php that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the...

9.8CVSS5.8AI score0.00078EPSS

Exploits0References3Affected Software1

ATTACKERKB•added last week•4 views

CVE-2026-8980

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin operator and manufacturer accounts via crafted POST requests...

10CVSS5.8AI score0.00054EPSS

Exploits1References2

Vulnrichment•added last week•2 views

CVE-2026-8979 Authentication Bypass

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint...

10CVSS5.8AI score0.00118EPSS

Exploits1References1

Vulnrichment•added 2026/05/28 12:0 a.m.•4 views

CVE-2026-38704

A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

5.8AI score0.00244EPSS

Cvelist•added 2026/05/28 12:0 a.m.•21 views

CVE-2026-38702

0.00244EPSS

ATTACKERKB•added 2026/05/28 12:0 a.m.•10 views

CVE-2026-38707

A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target device...

5.8AI score0.00244EPSS

Exploits0References2

Positive Technologies•added 2026/05/28 12:0 a.m.•4 views

PT-2026-44404

Name of the Vulnerable Software and Affected Versions IR302 versions prior to 3.5.108 IR305 versions prior to 1.0.118 IR315 versions prior to 1.0.118 IR615 versions prior to 1.0.118 Description A command injection issue exists in the ZeroTier VPN feature. This allows remote attackers to execute...

CNNVD•added 2026/05/28 12:0 a.m.•4 views

InHand IR Series 安全漏洞

The InHand IR Series is a series of industrial-grade cellular wireless routers produced by InHand Corporation in the United States. Several products in the InHand IR Series have security vulnerabilities. These vulnerabilities stem from command injection in the Admin Access function, which may all...

9.8CVSS5.9AI score0.00244EPSS

Positive Technologies•added 2026/05/28 12:0 a.m.•7 views

PT-2026-44406

Name of the Vulnerable Software and Affected Versions InHand Networks IR302 versions prior to V3.5.108 InHand Networks IR305 versions prior to V1.0.118 InHand Networks IR315 versions prior to V1.0.118 InHand Networks IR615 versions prior to V1.0.118 Description A command injection issue exists in...

CVE•added 2026/05/28 12:0 a.m.•11 views

CVE-2026-38704

CVE-2026-38704 describes a command injection vulnerability in the WireGuard VPN feature of InHand Networks firmware. Affected devices include IR302 (V3.5.108), IR305 (V1.0.118), IR315 (V1.0.118), IR615 (V1.0.118), and earlier versions. Successful exploitation can yield ROOT privileges on remote t...

9.8CVSS5.8AI score0.00244EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/05/28 12:0 a.m.•5 views

PT-2026-44403

ATTACKERKB•added 2026/05/28 12:0 a.m.•6 views

CVE-2026-38704

5.8AI score0.00244EPSS

Exploits0References2

Positive Technologies•added 2026/05/28 12:0 a.m.•3 views

PT-2026-44405

CVE•added 2026/05/28 12:0 a.m.•6 views

CVE-2026-38702

CVE-2026-38702 is a command injection vulnerability in InHand Networks’ Admin Access feature affecting IR302 (V3.5.108) and IR305/IR315/IR615 (V1.0.118) and earlier firmware. The issue could allow remote attackers to gain ROOT privileges on target devices. The connected sources confirm affected m...

9.8CVSS5.8AI score0.00244EPSS

Exploits0References1Affected Software1

NVD•added 2026/05/27 2:16 p.m.•5 views

CVE-2026-35089

In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...

8.7CVSS0.00072EPSS