OS Command Injection Vulnerability in International Datacasting Corporation SFX Series SuperFlex SatelliteReceiver
CVE-2026-28774

9.3 CRITICAL

What is CVE-2026-28774?

An OS Command Injection vulnerability exists within the web-based diagnostic utility of the IDC SFX Series SuperFlex SatelliteReceiver. This issue permits authenticated attackers to inject arbitrary shell metacharacters into the flags parameter, allowing them to execute system commands with root privileges. Exploitation of this vulnerability poses significant security risks, as it can compromise the integrity and confidentiality of the system.

Affected Version(s)

SFX Series SuperFlex SatelliteReceiver Web Management Interface 101

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
