22 matches found
CVE-2026-28773
The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...
EUVD-2026-9374
International Datacasting Corporation IDC SFX Series SuperFlexSFX2100 SatelliteReceiver contains hardcoded and insecure credentials for the admin account. A remote unauthenticated attacker can use these undocumented credentials to access the satellite system directly via the Telnet service, leadi...
EUVD-2026-9370
An unauthenticated Remote Code Execution RCE vulnerability exists in the SNMP service of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the private SNMP community string with read/write access by default. Because the SNMP age...
CVE-2026-29120
The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...
CVE-2026-28773
The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...
CVE-2026-29120
Technical details beyond what’s in the Initial Description are not publicly provided in the connected documents. Monitor for updates to the CVE-2026-29120 entry as new disclosures may clarify affected components, impact, or remediation.
CVE-2026-28773 Authenticated OS Command Injection via Ping Utility Leading to RCE as Root
The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...
CVE-2026-28769
A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...
CVE-2026-28772
A Reflected Cross-Site Scripting XSS vulnerability in the /IDCLogging/index.cgi endpoint of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or HTML. The vulnerability is...
CVE-2026-28770
CVE-2026-28770 affects IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101. The issue is improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script, where input from the file parameter is echoed unsanitized into a CDATA block, enabling an a...
CVE-2026-28769 LFI in /IDC_Logging/checkifdone.cgi, "file" parameter Allowing for File Existence Enumeration On IDC Satellite Receiver Web Management Interface Version 101
A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...
CVE-2026-28769
The CVE concerns IDC SFX Series SuperFlex Satellite Receiver Web management portal (version 101). An authenticated user can abuse the /IDC_Logging/checkifdone.cgi script by manipulating the file parameter to perform directory traversal, enabling enumeration of arbitrary filesystem files. The root...
CVE-2026-28769
A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...
CVE-2026-28769 LFI in /IDC_Logging/checkifdone.cgi, "file" parameter Allowing for File Existence Enumeration On IDC Satellite Receiver Web Management Interface Version 101
A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...
International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface 安全漏洞
The International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface is a web-based management backend for the satellite receiver devices produced by International Datacasting. Version 101 of the International Datacasting SFX Series SuperFlex Satellite Receiver Web...
PT-2026-22871
Name of the Vulnerable Software and Affected Versions International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101 Description A path traversal issue exists in the /IDC Logging/checkifdone.cgi script. An authenticated attacker can manipulate...
PT-2026-22873
Name of the Vulnerable Software and Affected Versions International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 Description A Reflected Cross-Site Scripting XSS issue exists in the /index.cgi API endpoint. The application does not...
International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface 安全漏洞
The International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface is a web-based management backend for the satellite receiver devices produced by the International Datacasting company. Version 101 of the International Datacasting SFX Series SuperFlex Satellite Receiv...
International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface 安全漏洞
The International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface is a web-based management backend for the satellite receiver devices produced by the International Datacasting company. Version 101 of the International Datacasting SFX Series SuperFlex Satellite Receiv...
PT-2026-22874
Name of the Vulnerable Software and Affected Versions International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 Description A Reflected Cross-Site Scripting XSS issue exists in the /IDC Logging/index.cgi API endpoint. The issue occurs...