{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/netcore/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["command-injection","rce","vulnerability","netcore","router"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA remote command execution vulnerability, CVE-2026-4840, affects Netcore Power 15AX devices with firmware versions up to 3.0.0.6938. The vulnerability resides in the Diagnostic Tool Interface, specifically within the \u003ccode\u003esetTools\u003c/code\u003e function of the \u003ccode\u003e/bin/netis.cgi\u003c/code\u003e file. By manipulating the \u003ccode\u003eIpAddr\u003c/code\u003e argument, an attacker can inject and execute arbitrary operating system commands on the device. This vulnerability poses a significant risk, as it allows unauthenticated remote attackers to gain complete…\u003c/p\u003e\n","date_modified":"2026-03-26T05:16:40Z","date_published":"2026-03-26T05:16:40Z","id":"/briefs/2026-03-netcore-rce/","summary":"CVE-2026-4840 is a critical command injection vulnerability in the Netcore Power 15AX router that allows remote attackers to execute arbitrary OS commands by manipulating the IpAddr argument in the setTools function of the /bin/netis.cgi file.","title":"Netcore Power 15AX Remote Command Execution Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-netcore-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Netcore","version":"https://jsonfeed.org/version/1.1"}