VYPR
Unrated severityNVD Advisory· Published Mar 4, 2026· Updated Mar 5, 2026

Authenticated OS Command Injection via Ping Utility Leading to RCE as Root

CVE-2026-28773

Description

The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite  Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacker can bypass server-side semicolon exclusion checks by using alternate shell metacharacters (such as the pipe | operator) to append and execute arbitrary shell commands with root privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.