International Datacasting SuperFlex Satellite Receiver OS Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in the web-based Ping diagnostic utility of the International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface, version 101. The vulnerability arises because the application improperly sanitizes the 'IPaddr' parameter, allowing authenticated attackers to circumvent server-side restrictions on semicolons. By using alternative shell metacharacters, such as the pipe operator, attackers can append and execute arbitrary shell commands with root privileges.
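
Added example, not IDC's code and not part of the original advisory: a Python sketch of why a semicolon-only filter on 'IPaddr' leaves the pipe operator usable, next to an allowlist check that accepts only a literal IP address and builds the ping call as an argument list so that no shell parses the value. The function names, the reconstructed filter, the sample inputs and the ping options are assumptions made for illustration.

```python
import ipaddress

def blocklist_accepts(ipaddr):
    """Hypothetical reconstruction of the weak check: only ';' is refused."""
    return ";" not in ipaddr

def allowlist_accepts(ipaddr):
    """Accept only a literal IPv4 or IPv6 address, nothing else."""
    # ipaddress allows an arbitrary IPv6 scope id after '%' on Python 3.9+,
    # so refuse '%' up front to keep free-form text out of the value.
    if "%" in ipaddr:
        return False
    try:
        ipaddress.ip_address(ipaddr)
    except ValueError:
        return False
    return True

def build_ping_argv(ipaddr, count=4):
    """Return an argv list for exec-style invocation (no shell involved)."""
    if not allowlist_accepts(ipaddr):
        raise ValueError("IPaddr is not a literal IP address")
    # Re-serialize the parsed address; "--" ends option parsing
    # (assumes a getopt-style ping such as iputils).
    return ["ping", "-c", str(count), "--", str(ipaddress.ip_address(ipaddr))]

# Constructed sample inputs, not captured from a device.
SAMPLES = [
    "192.0.2.10",
    "2001:db8::1",
    "192.0.2.10;id",
    "192.0.2.10|id",
    "fe80::1%eth0|id",
]

def audit(samples=SAMPLES):
    """Map each input to (blocklist verdict, allowlist verdict)."""
    return {s: (blocklist_accepts(s), allowlist_accepts(s)) for s in samples}

if __name__ == "__main__":
    for value, (weak, strict) in audit().items():
        print(f"{value!r:20} blocklist={weak!s:5} allowlist={strict}")
```

The argv list is intended for subprocess.run() without shell=True; the validated value is then a single argument to ping and is never interpreted as shell syntax.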

Impact

Exploitation of this vulnerability allows for unauthorized execution of shell commands with root privileges on the affected system.

Added: Mar 4, 2026, 8:20 AM
Updated: Mar 4, 2026, 2:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 5.2
remediation: 0.0
relevance: 3.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.