CVE-2026-28774

Name of the Vulnerable Software and Affected Versions International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101

Description An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility. An authenticated attacker can inject arbitrary shell metacharacters, such as the pipe | operator, into the flags parameter. This can lead to the execution of arbitrary operating system commands with root privileges. The vulnerable component is the Traceroute diagnostic utility accessible through the Web Management Interface.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.