CVE-2026-28769
LFI in /IDC_Logging/checkifdone.cgi, "file" parameter Allowing for File Existence Enumeration On IDC Satellite Receiver Web Management Interface Version 101
A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the `file` parameter to traverse directories and enumerate arbitrary files on the underlying filesystem. Due to the insecure perl file path handling function in use, a authenticated actor is able to preform directory traversal, with the backup endpoint confirming a file exists by indicating that a backup operation was successful or when using the path of a non existent file, the returned status is failed.
| CWE | CWE-22 |
| Vendor | international datacasting corporation (idc) |
| Product | sfx series superflex satellite receiver web management interface |
| Published | Mar 4, 2026 |
| Last Updated | Mar 5, 2026 |
Get instant alerts for international datacasting corporation (idc) sfx series superflex satellite receiver web management interface
Be the first to know when new unknown vulnerabilities affecting international datacasting corporation (idc) sfx series superflex satellite receiver web management interface are published โ delivered to Slack, Telegram or Discord.