Platform: other
Component: netcore-power15ax-cve
Fixed in: 3.0.1
CVE-2026-4840 describes a Command Injection vulnerability discovered in the Netcore Power 15AX Diagnostic Tool Interface, specifically within the setTools function of the /bin/netis.cgi file. This flaw allows an attacker to execute arbitrary operating system commands remotely. The vulnerability impacts versions 3.0.0.6938–3.0.0.6938 of the device, and a public exploit is already available, indicating an elevated risk of immediate exploitation. A fix is pending from the vendor.
The impact of CVE-2026-4840 is significant due to the ease of remote exploitation and the availability of a public proof-of-concept. An attacker can leverage this vulnerability to execute arbitrary commands on the affected Netcore Power 15AX device. This could lead to complete system compromise, including data exfiltration, malware installation, and denial of service. The ability to execute commands remotely bypasses standard authentication mechanisms, making the device vulnerable to attacks from anywhere on the network or even the internet. Given the device's likely role in industrial control or power management systems, a successful attack could have cascading effects on critical infrastructure.
CVE-2026-4840 has been publicly disclosed and a proof-of-concept exploit is available, indicating a high probability of exploitation. The date on which the vulnerability was added to the CISA KEV catalog is not known. The vendor's lack of response to early disclosure notifications raises concerns about the timeliness of a potential fix. Attackers are likely to actively scan for and exploit vulnerable devices, particularly those exposed to the internet.
Exploit Status
EPSS: 0.20% (42nd percentile)
CISA SSVC
CVSS Vector
Due to the lack of a vendor-supplied patch, immediate mitigation strategies are crucial. Implement strict network segmentation to isolate the Netcore Power 15AX device from critical systems. Deploy a Web Application Firewall (WAF) with rules to filter malicious input targeting the /bin/netis.cgi endpoint, specifically looking for command injection attempts in the IpAddr parameter. Consider temporarily disabling the setTools function if possible, although this may impact device functionality. Monitor network traffic for suspicious outbound connections originating from the device. After implementing these mitigations, verify their effectiveness by attempting to reproduce the vulnerability in a controlled environment.
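The WAF rule and traffic monitoring described above both reduce to one check: a request to /bin/netis.cgi whose IpAddr value is anything other than a plain IPv4 address is suspect. The following is an added detection example written for this advisory (not code from the vendor or the page); it assumes common-format access logs and that IpAddr travels in the query string, and the sample log lines are constructed.

```python
import re
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory; everything else here is constructed.
TARGET_PATH = "/bin/netis.cgi"
TARGET_PARAM = "IpAddr"

# Constructed access-log lines (not from the page), one request per line.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2026:10:00:00 +0000] "GET /bin/netis.cgi?IpAddr=192.168.1.1 HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2026:10:00:02 +0000] "GET /bin/netis.cgi?IpAddr=192.168.1.1%3Bx HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2026:10:00:04 +0000] "GET /bin/netis.cgi?IpAddr=999.1.1.1 HTTP/1.1" 200 512
10.0.0.8 - - [01/Jan/2026:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')


def is_strict_ipv4(value: str) -> bool:
    """Allowlist check: accept only a dotted-quad IPv4 literal, nothing else.
    This is the same validation a hardened setTools handler should apply
    before the value is used anywhere near a shell."""
    try:
        ipaddress.IPv4Address(value)
    except (ipaddress.AddressValueError, ValueError):
        return False
    return True


def suspicious_ipaddr_requests(log_text: str) -> list[tuple[str, str]]:
    """Return (client, IpAddr value) for every request to /bin/netis.cgi whose
    IpAddr is not a plain IPv4 address. For POST bodies, apply the same check
    to the decoded form fields (assumption: query-string delivery here)."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != TARGET_PATH:
            continue
        # parse_qs percent-decodes values (%3B -> ';'), so encoded metacharacters are caught.
        for value in parse_qs(url.query, keep_blank_values=True).get(TARGET_PARAM, []):
            if not is_strict_ipv4(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_ipaddr_requests(SAMPLE_LOG):
        print(f"ALERT client={client} IpAddr={value!r}")
```

An allowlist on the address format flags malformed values such as 999.1.1.1 as well as shell metacharacters, which a blocklist of specific characters would miss.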
Update the Netcore Power 15AX firmware to a version later than 3.0.0.6938 to correct the OS command injection vulnerability. Refer to the vendor's website for the latest firmware version and update instructions.
CVE-2026-4840 is a Command Injection vulnerability affecting Netcore Power 15AX versions 3.0.0.6938–3.0.0.6938, allowing remote command execution via manipulation of the IpAddr parameter in /bin/netis.cgi.
If you are using Netcore Power 15AX versions 3.0.0.6938–3.0.0.6938 and have remote access enabled, you are potentially affected by this vulnerability.
A vendor patch is currently unavailable. Mitigate by implementing network segmentation, WAF rules, and monitoring network traffic.
Yes, a public exploit exists, indicating a high probability of active exploitation.
The vendor has not yet released an official advisory. Monitor Netcore's website and security mailing lists for updates.