Remote Code Execution Vulnerability in IDC SFX Series SuperFlex SatelliteReceiver
CVE-2026-28775

10CRITICAL

Key Information:

Vendor

International Datacasting Corporation (idc)

Status
Sfx2100 Series Superflex Satellitereceiver
Vendor
CVE Published:
4 March 2026

What is CVE-2026-28775?

An unauthenticated Remote Code Execution vulnerability in the SNMP service of International Datacasting Corporation's SFX Series SuperFlex SatelliteReceiver allows attackers to exploit insecure provisioning of the 'private' SNMP community string, which grants read/write access by default. This security oversight enables remote attackers to execute arbitrary commands with root privileges due to the underlying net-snmp service running in a vulnerable state. The issue arises from the utilization of NET-SNMP-EXTEND-MIB directives, particularly in versions prior to 5.8. Organizations utilizing affected devices should promptly apply any available security patches to mitigate risks.

Affected Version(s)

SFX2100 Series SuperFlex SatelliteReceiver SFX2100

References

https://www.abdulmhsblog.com/posts/sfx2100-vulns/

CVSS V4

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.