CVE-2026-4840

Name of the Vulnerable Software and Affected Versions Netcore Power 15AX versions up to 3.0.0.6938

Description A security flaw exists in Netcore Power 15AX up to version 3.0.0.6938. This issue involves the setTools function within the /bin/netis.cgi file of the Diagnostic Tool Interface component. Manipulation of the IpAddr argument can lead to os command injection. Remote exploitation is possible. The exploit has been publicly released. The vendor was contacted but did not respond.

Recommendations Versions prior to 3.0.0.6938 should be updated. As a temporary workaround, restrict access to the /bin/netis.cgi file. Avoid using the IpAddr argument in the setTools function until the issue is resolved.