Reflected Cross-Site Scripting Vulnerability in IDC SFX Series Satellite Receiver
CVE-2026-28772

5.1MEDIUM

Key Information:

Vendor: International Datacasting Corporation (idc)
Status: Sfx Series Superflex Satellitereceiver Web Management Interface
Vendor: CVE Published:; 4 March 2026

🔔 Create International Datacasting Corporation (idc) Vulnerability Alert

What is CVE-2026-28772?

A reflected cross-site scripting vulnerability exists in the web management interface of the SFX Series SuperFlex SatelliteReceiver by International Datacasting Corporation. This security flaw is exploited through the /IDC_Logging/index.cgi endpoint, where a remote attacker can send a crafted payload via the submitType parameter. If this payload is executed, it allows the attacker to inject arbitrary web scripts or HTML, reflecting directly in the Document Object Model (DOM) without adequate escaping. This can lead to harmful consequences, including the potential theft of sensitive user data and session cookies.

Affected Version(s)

SFX Series SuperFlex SatelliteReceiver Web Management Interface 101

References

https://www.abdulmhsblog.com/posts/sfx2100-vulns/

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 4, 2026
Vulnerability Reserved
Mar 3, 2026

CVE-2026-28772 Data

JSON