This vulnerability affects the diagnostic tool interface of the Netcore Power 15AX router's management web interface. Improper sanitization of the IpAddr argument in the setTools function allows remote attackers to inject and execute arbitrary operating system commands. Public exploit code for this vulnerability has been released, and the vendor has not responded to disclosure requests.
Remediation
Restrict access to the router's web management interface to only trusted internal IP addresses immediately. Since no official patch is available from the vendor, consider replacing the affected router with a supported alternative. Monitor for unauthorized administrative access and unusual outbound traffic from the device.
Exploit info
The exploit has been released to the public (for example, see https://app.opencve.io/cve/CVE-2026-4840 or https://vuldb.com/). | Potential exploit details can be searched in Exploit-DB or GitHub: https://www.exploit-db.com/search?cve=CVE-2026-4840 | https://github.com/search?q=CVE-2026-4840+exploit
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.