{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28774", "assignerOrgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "state": "PUBLISHED", "assignerShortName": "Gridware", "dateReserved": "2026-03-03T09:59:08.426Z", "datePublished": "2026-03-04T07:22:57.677Z", "dateUpdated": "2026-03-05T05:59:55.331Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "SFX Series SuperFlex SatelliteReceiver Web Management Interface", "vendor": "International Datacasting Corporation (IDC)", "versions": [{"status": "affected", "version": "101"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Abdul Mhanni"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters (such as the pipe `|` operator) into the flags parameter, leading to the execution of arbitrary operating system commands with root privileges."}], "value": "An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters (such as the pipe `|` operator) into the flags parameter, leading to the execution of arbitrary operating system commands with root privileges."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Remote Code Execution (RCE) as Root"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "shortName": "Gridware", "dateUpdated": "2026-03-05T05:59:55.331Z"}, "references": [{"url": "https://www.abdulmhsblog.com/posts/sfx2100-vulns/"}], "source": {"discovery": "UNKNOWN"}, "title": "Authenticated OS Command Injection via Traceroute Utility leads to Root RCE", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-04T19:43:39.474904Z", "id": "CVE-2026-28774", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T19:43:58.843Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28774", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-04T19:43:39.474904Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T19:43:43.908Z"}}], "cna": {"title": "Authenticated OS Command Injection via Traceroute Utility leads to Root RCE", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Abdul Mhanni"}], "impacts": [{"descriptions": [{"lang": "en", "value": "Remote Code Execution (RCE) as Root"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "International Datacasting Corporation (IDC)", "product": "SFX Series SuperFlex SatelliteReceiver Web Management Interface", "versions": [{"status": "affected", "version": "101"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.abdulmhsblog.com/posts/spfx-vulnrabilities/"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters (such as the pipe `|` operator) into the flags parameter, leading to the execution of arbitrary operating system commands with root privileges.", "supportingMedia": [{"type": "text/html", "value": "An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters (such as the pipe `|` operator) into the flags parameter, leading to the execution of arbitrary operating system commands with root privileges.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "shortName": "Gridware", "dateUpdated": "2026-03-04T08:30:47.502Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28774", "state": "PUBLISHED", "dateUpdated": "2026-03-04T19:43:58.843Z", "dateReserved": "2026-03-03T09:59:08.426Z", "assignerOrgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "datePublished": "2026-03-04T07:22:57.677Z", "assignerShortName": "Gridware"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:datacast:sfx2100_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C57B6A9-CAF9-4C8A-85FC-562E16F291FE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:datacast:sfx2100:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A3BC5C9-39D5-4908-B470-A46E9ECFD6AB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters (such as the pipe `|` operator) into the flags parameter, leading to the execution of arbitrary operating system commands with root privileges."}], "id": "CVE-2026-28774", "lastModified": "2026-03-09T18:24:06.377", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "type": "Secondary"}]}, "published": "2026-03-04T08:16:13.650", "references": [{"source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.abdulmhsblog.com/posts/sfx2100-vulns/"}], "sourceIdentifier": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "101"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "SFX Series SuperFlex SatelliteReceiver Web Management Interface", "source": "cna", "vendor": "International Datacasting Corporation (IDC)"}, "product": "sfx_series_superflex_satellitereceiver_web_management_interface", "vendor": "international_datacasting_corporation_(idc)"}], "analysis": {"en": {"generated_at": "2026-04-17T13:14:56.217161+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware patch from International Datacasting Corporation that contains the fix for the traceroute command injection vulnerability.", "If a patch is unavailable, disable the traceroute diagnostic feature via the web interface or block its endpoint using firewall rules", "Restrict web management interface access to administrators, enforce strong authentication, and monitor logs for abnormal traceroute activity"], "summary": {"action": "Patch Now", "impact": "Root privilege execution via OS command injection"}, "threat_synthesis": {"affected_systems": "The vulnerability affects International Datacasting Corporation\u2019s SFX Series SuperFlex SatelliteReceiver Web Management Interface, version\u202f101, which runs on the SFX\u202f2100 hardware platform. Users of this specific firmware version are exposed to the risk.", "description_and_impact": "An OS Command Injection flaw exists in the web\u2011based Traceroute diagnostic utility of International Datacasting Corporation\u2019s SFX Series SuperFlex SatelliteReceiver Web Management Interface. An authenticated attacker can inject shell metacharacters into the flags parameter, causing arbitrary operating system commands to run with root privileges. The flaw is a classic CWE\u201178 vulnerability that allows full control over the device\u2019s operating system.", "risk_and_exploitability": "The CVSS score of 9.3 indicates a critical severity, and while the EPSS score is below 1\u202f% indicating a low probability of widespread exploitation, the issue is not listed in the CISA KEV catalog. Attacker must first authenticate to the web management interface, a privilege usually granted to administrators. Once logged in, the attacker can supply malicious input to the traceroute endpoint and execute arbitrary commands with system privileges."}}}}, "created": "2026-03-04T21:04:00.309865+00:00", "updated": "2026-04-17T13:15:19.695159+00:00", "vendors": ["international_datacasting_corporation_(idc)", "international_datacasting_corporation_(idc)$PRODUCT$sfx_series_superflex_satellitereceiver_web_management_interface"]}