Path Traversal Vulnerability in International Datacasting SFX Series Receiver
CVE-2026-28769

5.3MEDIUM

Key Information:

Vendor: International Datacasting Corporation (idc)
Status: Sfx Series Superflex Satellite Receiver Web Management Interface
Vendor: CVE Published:; 4 March 2026

🔔 Create International Datacasting Corporation (idc) Vulnerability Alert

What is CVE-2026-28769?

A path traversal vulnerability exists in the web management portal of the International Datacasting Corporation SFX Series SuperFlex Satellite Receiver version 101. An authenticated attacker can exploit this vulnerability by manipulating the file parameter within the /IDC_Logging/checkifdone.cgi script. This allows the attacker to traverse directory structures and enumerate arbitrary files on the system's filesystem. The issue arises from the insecure handling of file paths in Perl, enabling attackers to confirm the existence of files by observing the responses from backup operations, depending on the existence of the specified file or directory.

Affected Version(s)

SFX Series SuperFlex Satellite Receiver Web management interface 101

References

https://www.abdulmhsblog.com/posts/sfx2100-vulns/

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 4, 2026
Vulnerability Reserved
Mar 3, 2026

CVE-2026-28769 Data

JSON