CVE-2026-38703

A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

PT-2026-44404

Name of the Vulnerable Software and Affected Versions IR302 versions prior to 3.5.108 IR305 versions prior to 1.0.118 IR315 versions prior to 1.0.118 IR615 versions prior to 1.0.118 Description A command injection issue exists in the ZeroTier VPN feature. This allows remote attackers to execute...

CVE-2026-38703

A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

InHand IR Series 安全漏洞

The InHand IR Series is a series of industrial-grade cellular wireless routers produced by InHand Corporation in the United States. The InHand IR Series contains a security vulnerability, which stems from command injection in the ZeroTier VPN function. This vulnerability could allow attackers to...

CVE-2026-38703

CVE-2026-38703 describes a command injection in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 V1.0.118, IR315 V1.0.118, IR615 V1.0.118 and earlier versions. Exploitation could yield ROOT privileges on remote devices. Affected component: ZeroTier VPN on the InHand IR s...

Command Injection

github.com/icewhaletech/casaos is vulnerable to a Command Injection. The vulnerability is due to lack of proper input validation and sanitization mechanisms via the component leave or join zerotier api, allows attackers to inject malicious commands into the system, which can then be executed...

CVE-2022-1316

Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation...

CVE-2022-1316

CVE-2022-1316 affects zerotier/zerotierone prior to 1.8.8, with Local Privilege Escalation caused by incorrect permission assignments on a critical resource (notably in Windows via DLL hijacking as per Huntr). Impact is local, requiring no user interaction, and confidentiality/integrity/availabil...

PT-2022-13791 · Zerotier · Zerotierone

Name of the Vulnerable Software and Affected Versions: zerotier/zerotierone versions prior to 1.8.8 Description: The issue is related to an incorrect permission assignment for a critical resource in the GitHub repository zerotier/zerotierone, which can lead to local privilege escalation. This is...

GHSA-JH63-28GX-7P26 Command Injection in CasaOS

CasaOS before v0.2.7 was discovered to contain a command injection vulnerability via the component leave or join zerotier api...

Command Injection in CasaOS

CasaOS before v0.2.7 was discovered to contain a command injection vulnerability via the component leave or join zerotier api...

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CasaOS before v0.2.7 was discovered to contain a command injection vulnerability via the component leave or join zerotier api...

PT-2022-16533 · Casaos · Casaos

Name of the Vulnerable Software and Affected Versions: CasaOS versions prior to 0.2.7 Description: The issue is a command injection vulnerability. It can be exploited via the component that handles leave or join zerotier API requests. Recommendations: For versions prior to 0.2.7, update to versio...