https://feed.craftedsignal.io/tags/netcore/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioThu, 26 Mar 2026 05:16:40 +0000https://feed.craftedsignal.io/briefs/2026-03-netcore-rce/Thu, 26 Mar 2026 05:16:40 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-netcore-rce/CVE-2026-4840 is a critical command injection vulnerability in the Netcore Power 15AX router that allows remote attackers to execute arbitrary OS commands by manipulating the IpAddr argument in the setTools function of the /bin/netis.cgi file.A remote command execution vulnerability, CVE-2026-4840, affects Netcore Power 15AX devices with firmware versions up to 3.0.0.6938. The vulnerability resides in the Diagnostic Tool Interface, specifically within the setTools function of the /bin/netis.cgi file. By manipulating the IpAddr argument, an attacker can inject and execute arbitrary operating system commands on the device. This vulnerability poses a significant risk, as it allows unauthenticated remote attackers to gain complete…

]]>criticaladvisorycommand-injectionrcevulnerabilitynetcorerouter