CVE-2026-4840 | Netcore Power 15AX up to 3.0.0.6938 Diagnostic Tool Interface /bin/netis.cgi setTools IpAddr os command injection

A vulnerability identified as critical has been detected in Netcore Power 15AX up to 3.0.0.6938. Affected by this issue is the function setTools of the file /bin/netis.cgi of the component Diagnostic Tool Interface. Performing a manipulation of the argument IpAddr results in os command injection.

This vulnerability is known as CVE-2026-4840. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4840 | Netcore Power 15AX up to 3.0.0.6938 Diagnostic Tool Interface /bin/netis.cgi setTools IpAddr os command injection

Post correlati

CVE-2025-48089 | HiStudy Plugin up to 3.0.x on WordPress sql injection

CVE-2024-31070 | Century Systems FutureNet WXR-250 Telnet Service initialization

CVE-2024-34256 | OFCMS 1.1.2 New Table sql injection

CVE-2024-33930 | ILLID Share This Image Plugin up to 1.97 on WordPress redirect