CVE-2026-28769— LFI in /IDC_Logging/checkifdone.cgi, "file" parameter Allowing for File Existence Enumeration On IDC Satellite Receiver Web Management Interface Version 101

LFI in /IDC_Logging/checkifdone.cgi, "file" parameter Allowing for File Existence Enumeration On IDC Satellite Receiver Web Management Interface Version 101

A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the `file` parameter to traverse directories and enumerate arbitrary files on the underlying filesystem. Due to the insecure perl file path handling function in use, a authenticated actor is able to preform directory traversal, with the backup endpoint confirming a file exists by indicating that a backup operation was successful or when using the path of a non existent file, the returned status is failed.

N/A

对路径名的限制不恰当(路径遍历)

International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface 安全漏洞

International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface是美国International Datacasting公司的一个卫星接收设备的Web管理后台。 International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface 101版本存在安全漏洞，该漏洞源于对文件/IDC_

N/A

N/A