CVE-2026-28770

Medium | 5.3
No Exploit

Plain English Summary


This vulnerability allows an authenticated attacker to inject XML into a response served by the web management interface of the IDC SFX Series SuperFlex satellite receiver. Because the `file` parameter of one CGI script is reflected unescaped inside an XML CDATA block, the attacker can close the block early and append their own XML elements. This has been confirmed to yield reflected cross-site scripting (XSS); further abuse such as XML External Entity (XXE) injection may also be possible.

Technical Description

Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in the International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 allows XML Injection. The application reflects unsanitized user input from the `file` parameter directly into a CDATA block, allowing an authenticated attacker to break out of the CDATA section and inject arbitrary XML elements. An attacker is confirmed to be able to turn this into a reflected XSS; further abuse such as XXE may be possible.
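The mechanics described above, as an added example that is not part of the advisory and not the firmware's own code: a hypothetical response template reflects a `file` value inside `<![CDATA[ ... ]]>`, a constructed payload closes the section with `]]>` and injects a `<script>` element, and the hardened builder neutralizes the terminator by splitting it across two adjacent CDATA sections, which any XML parser joins back into the original text. The template, payload and function names are assumptions made for illustration.

```python
"""Added example: CDATA break-out in reflected XML, vulnerable vs. hardened.

Illustrative code written for this page, not the SuperFlex checkifdone.cgi.
The response template and payload are assumptions that mimic the pattern the
advisory describes: a `file` parameter reflected verbatim inside CDATA.
"""
import xml.etree.ElementTree as ET

# Assumed response shape (hypothetical; the real CGI's output is not on the page).
TEMPLATE = "<result><status>done</status><file><![CDATA[{file}]]></file></result>"

# Constructed payload: terminates the CDATA section early, injects an element,
# then reopens CDATA so the template's trailing "]]>" keeps the document well-formed.
PAYLOAD = "report.log]]><script>alert(1)</script><![CDATA["


def build_vulnerable(file_value: str) -> str:
    """Reflect the parameter into CDATA with no neutralization (the flaw)."""
    return TEMPLATE.format(file=file_value)


def escape_cdata(value: str) -> str:
    """Neutralize the only sequence that can end a CDATA section.

    ']]>' becomes ']]' + '>' spread over two adjacent CDATA sections; the parser
    concatenates the character data, so the application sees the original text.
    """
    return value.replace("]]>", "]]]]><![CDATA[>")


def build_hardened(file_value: str) -> str:
    """Same template, but the CDATA terminator is neutralized first."""
    return TEMPLATE.format(file=escape_cdata(file_value))


def injected_elements(xml_text: str) -> list:
    """Tag names of child elements under <file>; a clean response has none."""
    root = ET.fromstring(xml_text)
    return [child.tag for child in root.find("file")]


def reflected_text(xml_text: str) -> str:
    """Text content of <file> as an XML parser sees it."""
    return ET.fromstring(xml_text).find("file").text or ""


def looks_like_cdata_breakout(param_value: str) -> bool:
    """Request-side check usable in a WAF or IDS rule: the CDATA terminator has
    no legitimate reason to appear in a file-name parameter."""
    return "]]>" in param_value


if __name__ == "__main__":
    bad = build_vulnerable(PAYLOAD)
    good = build_hardened(PAYLOAD)
    print("vulnerable injects:", injected_elements(bad))   # ['script']
    print("hardened injects:  ", injected_elements(good))  # []
    print("hardened text intact:", reflected_text(good) == PAYLOAD)
```

Escaping `]]>` is the minimum fix for a template that must keep emitting CDATA; the cleaner fix is to build the response with an XML serializer (for example `ET.SubElement(...).text = value`) so no user-controlled bytes are ever placed in markup positions. Note that injection inside an element body cannot add a DOCTYPE, so any XXE impact depends on how a downstream consumer parses the reflected document.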

CVSS Vector Analysis

Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Low
User Interaction: None
Vulnerable System Confidentiality: Low
Vulnerable System Integrity: Low
Vulnerable System Availability: Low
Subsequent System Confidentiality: Low
Subsequent System Integrity: Low
Subsequent System Availability: Low

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X


Est. Bounty
$724($500-$1K)
Vendor Response
Grade A (patched in 5 days)

Quick Information

Published

Mar 4, 2026

Last Modified

Mar 9, 2026

Vendor

datacast

Product

sfx2100 firmware

Related Vulnerabilities

CVE-2026-28775 (Critical)

An attacker can remotely take complete control of the SFX Series SuperFlex Satellite Receiver because its SNMP service is exposed with an insecure default password that grants full access. No authentication is required, so anyone who can reach the service can run arbitrary commands on the device as the system administrator.

CVE-2026-28774 (Critical)

This vulnerability allows an attacker with valid login credentials to run any command on the system with full administrative rights by manipulating a specific setting in the web-based Traceroute tool. If exploited, this could enable the attacker to take complete control of the device and potentially compromise the entire network.

CVE-2026-28773 (Critical)

This vulnerability allows an attacker who is already logged into the web management interface of the SFX Series satellite receiver to run arbitrary commands on the device as root. By placing shell metacharacters in an input field, they can bypass the input checks and execute their own commands, potentially taking complete control of the system.

CVE-2026-28772 (Medium)

This vulnerability allows an attacker to run malicious scripts in a user's web browser by sending a specially crafted request to the device's web management interface. It requires the attacker to trick a user into clicking a link that includes the malicious code, which then gets executed without proper checks.

CVE-2026-28771 (Medium)

An attacker can inject malicious code into a page served by the SFX Series SuperFlex Satellite Receiver's web interface, allowing them to run scripts in victims' browsers. The device does not properly validate user input before displaying it, and the attack requires the victim to open a specially crafted link.