CVE-2026-28769

216.73.216.6

· Published 04/03/2026 07:16 · Modified 05/03/2026 06:16

Labels: CVE-2026-28769 2026-03-04 CVE-2026-28769 CWE-22 b7efe717-a805-47cf-8e9a-921fca0ce0ce

Essential information

Published: 04/03/2026 07:16
Modified: 05/03/2026 06:16
Author: —
Creator: —
CVSS: 5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the `file` parameter to traverse directories and enumerate arbitrary files on the underlying filesystem. Due to the insecure perl file path handling function in use, a authenticated actor is able to preform directory traversal, with the backup endpoint confirming a file exists by indicating that a backup operation was successful or when using the path of a non existent file, the returned status is failed.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: b7efe717-a805-47cf-8e9a-921fca0ce0ce
NVD: View on NVD

Affected products (CPE)

Product	CPE
international datacasting corporation / sfx series superflex satellite receiver	`cpe:2.3:a:international_datacasting_corporation:sfx_series_superflex_satellite_receiver:101:::::::*`