Netcore Power 15AX Remote Command Execution Vulnerability
CVE-2026-4840 is a critical command injection vulnerability in the Netcore Power 15AX router that allows remote attackers to execute arbitrary OS commands by manipulating the IpAddr argument in the setTools function of the /bin/netis.cgi file.
A remote command execution vulnerability, CVE-2026-4840, affects Netcore Power 15AX devices with firmware versions up to 3.0.0.6938. The vulnerability resides in the Diagnostic Tool Interface, specifically within the setTools function of the /bin/netis.cgi file. By manipulating the IpAddr argument, an attacker can inject and execute arbitrary operating system commands on the device. This vulnerability poses a significant risk, as it allows unauthenticated remote attackers to gain complete…
Detection coverage 2
Detect Netis.cgi Command Injection Attempt
Severity: critical. Detects attempts to exploit the command injection vulnerability (CVE-2026-4840) in the /bin/netis.cgi endpoint of Netcore Power 15AX routers by identifying suspicious characters or command sequences in the IpAddr parameter.
Detect Netis.cgi Access from Uncommon IPs
Severity: medium. Detects access to /bin/netis.cgi from IP addresses not typically seen accessing the router's web interface, which could indicate unauthorized access or exploitation attempts.
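
One way to implement the first detection above, as an added example that is not the platform's rule or vendor code: rather than listing suspicious characters, it flags any IpAddr value sent to /bin/netis.cgi that is not a bare IP address or hostname. The record fields (src, uri, body), the form-encoded transport of IpAddr, and the sample records are assumptions constructed for illustration; the page does not specify the request format.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/bin/netis.cgi"  # endpoint named in the advisory
PARAM = "ipaddr"                # IpAddr argument, compared case-insensitively
# One or more dot-separated labels of letters, digits and inner hyphens.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")

def is_plain_target(value):
    """True only when value is a bare IP address or hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return len(value) <= 253 and HOSTNAME_RE.fullmatch(value) is not None

def suspicious_values(record):
    """Return decoded IpAddr values in one request that are not a plain target."""
    parts = urlsplit(record["uri"])
    if parts.path != TARGET_PATH:
        return []
    hits = []
    # Assumption: the field is form-encoded in the query string or the body.
    for blob in (parts.query, record.get("body", "")):
        for key, values in parse_qs(blob).items():
            if key.lower() == PARAM:
                hits += [v for v in values if not is_plain_target(v)]
    return hits

def scan(records):
    """Return (source address, offending value) for every flagged request."""
    return [(r["src"], v) for r in records for v in suspicious_values(r)]

# Constructed sample records (documentation address ranges), not real traffic.
SAMPLE = [
    {"src": "198.51.100.7", "uri": "/bin/netis.cgi", "body": "IpAddr=192.0.2.10"},
    {"src": "198.51.100.7", "uri": "/bin/netis.cgi", "body": "IpAddr=192.0.2.10%3Bid"},
    {"src": "203.0.113.5", "uri": "/bin/netis.cgi?IpAddr=example.com", "body": ""},
    {"src": "203.0.113.5", "uri": "/index.html?IpAddr=192.0.2.10%3Bid", "body": ""},
]

if __name__ == "__main__":
    for src, value in scan(SAMPLE):
        print(f"ALERT src={src} IpAddr={value!r}")
```

Because the check is an allowlist applied after URL decoding, it also flags values containing whitespace, newlines or quoting that a character blocklist might miss.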