Home / Vulnerability Intelligence / CVE-2026-4840

CVE-2026-4840 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 26, 2026

Netcore Power 15AX - Command Injection

Published: March 26, 2026Updated: March 26, 2026Remote Exploitable

Overview

Netcore Power 15AX <= 3.0.0.6938 contains a command injection caused by manipulation of the "IpAddr" argument in /bin/netis.cgi setTools function, letting remote attackers execute arbitrary OS commands, exploit requires network access.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 15.2%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary OS commands, potentially leading to full system compromise.

Mitigation

Update to the latest version.

References

Social Media Activity(1 post)

Offensive Sequence

@offseq

Mar 26, 2026

🔥 CVE-2026-4840: HIGH-severity OS command injection in Netcore Power 15AX (≤3.0.0.6938). No patch, public exploit out. Remote code execution possible — immediate mitigation needed! Full compromise risk. Details: https://radar.offseq.com/threat/cve-2026-4840-os-command-injection-in-netcore-powe-abf3a5bc #OffSeq #Netcore #Security #CVE20264840

View original post

Related Resources

Details

CVE ID: CVE-2026-4840
Severity: High
CVSS Score: 8.8
Type: command_injection
Status: new
EPSS: 15.2%
Social Posts: 1

CWE

CWE-77

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

15.2%Probability of exploitation in the next 30 days