CVE-2026-28769
Received Received - Intake
Path Traversal in IDC SFX Receiver Allows File Enumeration

Publication date: 2026-03-04

Last updated on: 2026-03-09

Assigner: Gridware

Description
A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the `file` parameter to traverse directories and enumerate arbitrary files on the underlying filesystem. Due to the insecure perl file path handling function in use, a authenticated actor is able to preform directory traversal, with the backup endpoint confirming a file exists by indicating that a backup operation was successful or when using the path of a non existent file, the returned status is failed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-03-09
Generated
2026-05-07
AI Q&A
2026-03-04
EPSS Evaluated
2026-05-05
NVD
CVE-2026-28769
EUVD
EUVD-2026-9364
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
datacast sfx2100_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a path traversal issue found in the /IDC_Logging/checkifdone.cgi script of the International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management portal version 101.

An authenticated attacker can manipulate the 'file' parameter to traverse directories on the underlying filesystem, allowing them to enumerate arbitrary files.

The vulnerability arises due to insecure Perl file path handling, which enables directory traversal. The backup endpoint confirms the existence of files by indicating success or failure of backup operations based on the file path provided.


How can this vulnerability impact me? :

This vulnerability allows an authenticated attacker to access and enumerate arbitrary files on the device's filesystem.

Such unauthorized file access can lead to exposure of sensitive information, potential leakage of configuration files, credentials, or other critical data stored on the system.

This could compromise the security and integrity of the affected system and potentially facilitate further attacks.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart