Hardcoded Credentials Vulnerability in International Datacasting Satellite Receiver
CVE-2026-28776

7.8HIGH

Key Information:

Vendor: International Datacasting Corporation (idc)
Status: Idc Sfx2100 Superflex Satellite Receiver
Vendor: CVE Published:; 4 March 2026

🔔 Create International Datacasting Corporation (idc) Vulnerability Alert

What is CVE-2026-28776?

The International Datacasting Corporation SFX Series SuperFlex Satellite Receiver has a serious security issue due to hardcoded credentials for the 'monitor' account. This vulnerability allows remote, unauthenticated attackers to exploit undocumented credentials for unauthorized access to the device via SSH. Once access is gained, the attacker can easily escape the restricted shell environment, leading to full shell functionality and potentially compromising the entire system.

Affected Version(s)

IDC SFX2100 SuperFlex Satellite Receiver SFX2100

References

https://www.abdulmhsblog.com/posts/sfx2100-vulns/

CVSS V4

Score:

7.8

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 4, 2026
Vulnerability Reserved
Mar 3, 2026

CVE-2026-28776 Data

JSON