InHand Networks Industrial Routers Command Injection Vulnerability in IPSec VPN Function

Vulnerability

Patched

A command injection vulnerability has been identified in the IPSec VPN feature of InHand Networks Industrial Routers IR302, IR305, IR315, and IR615, all running vulnerable firmware versions. This vulnerability allows attackers to execute arbitrary commands with root privileges on the affected devices.

Impact

Exploitation of this vulnerability grants root privileges on the affected device, allowing for complete control over the device's functions and capabilities.

Remediation

Users are advised to update to the following fixed firmware versions: IR302: InRouter3XX-V3.5.112, IR305: InRouter3X5-V1.0.121, IR315: InRouter3X5-V1.0.121, IR615: InRouter6XS-V1.0.121.

Added: May 28, 2026, 8:08 PM

Updated: May 28, 2026, 8:08 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

7.5

exploitability

7.0

remediation

7.7

relevance

9.7

InHand Networks Industrial Routers Command Injection Vulnerability in IPSec VPN Function

Vulnerability

Impact

Remediation

Affected Products

InHand Networks IR302

InHand Networks IR305

InHand Networks IR315

InHand Networks IR615

CVSS Scores

References

Vulnerability Rating