The InHand Networks IR912 and IR915 devices running firmware version V1.0.0.r20042 and earlier are vulnerable to a command injection flaw in their log viewing functionality. This vulnerability enables remote attackers to execute arbitrary commands as the root user by sending specially crafted input. The vulnerability has been publicly disclosed but lacks a CVSS score and any vendor-provided remediation details. No known exploits have been reported in the wild. The affected products are not cloud services, so remediation depends on vendor patch releases or other mitigations.

Successful exploitation allows remote attackers to execute arbitrary commands with root privileges on affected devices. This can lead to full system compromise, unauthorized access, and control over the device. The vulnerability impacts device integrity and confidentiality. No information is available about exploitation in the wild or additional impact details.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict network access to the affected devices' management interfaces and monitor for suspicious activity related to log viewing functions. Follow vendor communications for updates on patches or mitigations.