CVE-2026-4840

Netcore Power 15AX Diagnostic Tool netis.cgi setTools os command injection

CVSS 8.7 HIGHEPSS 8.3%CWE-77 CWE-78

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.7EPSS 8.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

26 Mar 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affected by this issue is the function setTools of the file /bin/netis.cgi of the component Diagnostic Tool Interface. Performing a manipulation of the argument IpAddr results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Affected products

Netcore · Power 15AX

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/fakervsbln/netcore-power15ax-cve https://vuldb.com/?ctiid.353146 https://vuldb.com/?id.353146 https://vuldb.com/?submit.776127