Reflected Cross-Site Scripting Vulnerability in International Datacasting SFX Series SuperFlex Satellite Receiver
CVE-2026-28771

5.1MEDIUM

Key Information:

Vendor: International Datacasting Corporation (idc)
Status: Sfx Series Superflex Satellite Receiver Web Management Interface
Vendor: CVE Published:; 4 March 2026

🔔 Create International Datacasting Corporation (idc) Vulnerability Alert

What is CVE-2026-28771?

A vulnerability has been identified in the web management interface of the SFX Series SuperFlex Satellite Receiver, specifically affecting version 101. The issue arises from insufficient sanitization of user input in the cat parameter of the /index.cgi endpoint. This flaw enables attackers to inject and execute arbitrary HTML or JavaScript code within the user’s browser, potentially allowing unauthorized access and manipulation of user data. It is crucial for users of the affected product to implement protective measures against this security risk.

Affected Version(s)

SFX Series SuperFlex Satellite Receiver Web Management Interface 101

References

https://www.abdulmhsblog.com/posts/sfx2100-vulns/

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 4, 2026
Vulnerability Reserved
Mar 3, 2026

CVE-2026-28771 Data

JSON