PT-2026-22875 · International Datacasting · Sfx Series Superflex Satellitereceiver

Abdul Mhanni · Published 2026-03-04 · Updated 2026-03-05 · CVE-2026-28773

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
Name of the Vulnerable Software and Affected Versions: International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101

Description: The web-based Ping diagnostic utility ('/IDC Ping/main.cgi') is susceptible to OS Command Injection. The application does not securely process the IPaddr parameter, allowing an authenticated attacker to bypass server-side checks and execute arbitrary shell commands with root privileges by using alternate shell metacharacters, such as the pipe | operator.

Recommendations: Apply updates to address the insecure parsing of the IPaddr parameter in the '/IDC Ping/main.cgi' utility.
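
The failure class described above, as an added example that is not the vendor's code: a character denylist (constructed here, since the device's real check is not published on this page) passes a value containing the pipe, while strict parsing of the field as an IPv4 literal rejects it. The function names, the denylist contents and the sample values are assumptions made for illustration.

```python
import ipaddress
import subprocess

# Constructed stand-in for a server-side check that filters some shell
# metacharacters but not all of them; the pipe is missing from the list.
DENYLIST = (";", "&", "`", "$", "\n")


def denylist_accepts(ipaddr: str) -> bool:
    """Weak check: True when none of the listed characters appear."""
    return not any(ch in ipaddr for ch in DENYLIST)


def build_ping_argv(ipaddr: str) -> list:
    """Hardened handling: allowlist by parsing, then build an argv list.

    IPv4Address() raises ValueError unless the whole string is one dotted
    quad, so the decision does not depend on enumerating bad characters.
    """
    addr = ipaddress.IPv4Address(ipaddr)
    return ["ping", "-c", "4", str(addr)]


def run_ping(ipaddr: str) -> subprocess.CompletedProcess:
    """Run ping without a shell, so the argument is never parsed as shell syntax."""
    return subprocess.run(build_ping_argv(ipaddr), shell=False,
                          capture_output=True, text=True, timeout=15)


def filter_gaps(values):
    """Return the values the denylist lets through but strict parsing rejects."""
    gaps = []
    for value in values:
        if not denylist_accepts(value):
            continue
        try:
            build_ping_argv(value)
        except ValueError:
            gaps.append(value)
    return gaps


# Constructed sample inputs for the IPaddr field.
SAMPLES = ["192.0.2.10", "192.0.2.10;true", "192.0.2.10|true"]

if __name__ == "__main__":
    print(filter_gaps(SAMPLES))
```

Running the hardened path as an unprivileged user rather than root limits the impact of any remaining flaw in the diagnostic.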

Exploit

Fix

RCE

OS Command Injection


Weakness Enumeration

Related identifiers

CVE-2026-28773

Affected products

Sfx Series Superflex Satellitereceiver