International Datacasting SuperFlex Satellite Receiver OS Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in the web-based Traceroute utility of the International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface, version 101. This vulnerability allows authenticated attackers to inject arbitrary shell metacharacters, such as the pipe operator, into the flags parameter. Exploitation of this vulnerability could lead to the execution of arbitrary operating system commands with root privileges.

Impact

Exploitation of this vulnerability allows for arbitrary operating system command execution with root privileges.

Added: Mar 4, 2026, 8:20 AM

Updated: Mar 4, 2026, 8:20 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.5

remediation

0.0

relevance

3.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.5

remediation

0.0

relevance

3.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

International Datacasting SuperFlex Satellite Receiver OS Command Injection Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating