Description
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a buffer overflow vulnerability in the device registration function. This vulnerability could allow an attacker to cause a denial of service attack on the remote target device.
Published: 2026-06-18
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a buffer overflow in the device registration function of InHand Networks IR912 and IR915 routers. An attacker who can send a specially crafted registration request can overflow a buffer, leading the device to reset or crash. The result is a denial of service that disrupts network connectivity and services provided by the device.

Affected Systems

InHand Networks IR912 and IR915 devices running firmware version 1.0.0.r20042 or earlier are affected.

Risk and Exploitability

The flaw can be triggered remotely via the registration interface. No publicly available CVSS score or EPSS data is reported, and the vulnerability is not listed in CISA KEV. Nonetheless, because it permits a remote attacker to bring the device down, the risk remains significant for networks relying on these devices.

Generated by OpenCVE AI on June 18, 2026 at 19:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable or block the device registration service through firmware or network configuration.
  • If a patched firmware is available from InHand, upgrade the device to a newer version as soon as possible.
  • Implement network segmentation and firewall rules to restrict access to the registration port from untrusted networks.
  • Monitor device logs for repeated registration attempts and verify device stability.

Generated by OpenCVE AI on June 18, 2026 at 19:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in InHand Networks IR912/IR915 Device Registration Enables Remote DoS
Weaknesses CWE-119

Thu, 18 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a buffer overflow vulnerability in the device registration function. This vulnerability could allow an attacker to cause a denial of service attack on the remote target device.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-18T17:39:10.420Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-38718

cve-icon Vulnrichment

Updated: 2026-06-18T17:37:12.073Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T19:15:02Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')