Skip to main content

Power 15Ax

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-4840 HIGH POC This Week

A critical OS command injection vulnerability exists in the Diagnostic Tool Interface of Netcore Power 15AX routers up to firmware version 3.0.0.6938. An authenticated attacker with low-level privileges can remotely execute arbitrary operating system commands by manipulating the IpAddr parameter in the setTools function of /bin/netis.cgi. A public proof-of-concept exploit has been released on GitHub, significantly increasing the risk of active exploitation, though the vendor has not responded to disclosure attempts.

Command Injection Power 15Ax
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.2%
CVE-2026-4840
EPSS 0% CVSS 7.4
HIGH POC This Week

A critical OS command injection vulnerability exists in the Diagnostic Tool Interface of Netcore Power 15AX routers up to firmware version 3.0.0.6938. An authenticated attacker with low-level privileges can remotely execute arbitrary operating system commands by manipulating the IpAddr parameter in the setTools function of /bin/netis.cgi. A public proof-of-concept exploit has been released on GitHub, significantly increasing the risk of active exploitation, though the vendor has not responded to disclosure attempts.

Command Injection Power 15Ax
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy