Satellite Receiver Vulnerability in International Datacasting Corporation's Product
CVE-2026-28777

9.2CRITICAL

Key Information:

Vendor: International Datacasting Corporation (idc)
Status: Sfx2100 Satellite Receiver
Vendor: CVE Published:; 4 March 2026

🔔 Create International Datacasting Corporation (idc) Vulnerability Alert

What is CVE-2026-28777?

The SFX2100 Satellite Receiver by International Datacasting Corporation contains a significant authentication vulnerability due to a trivial password for the 'user' account. This weakness allows remote unauthenticated attackers to gain unauthorized SSH access to the device. Upon access, the attacker is initially placed in a restricted shell, but they can easily spawn a full interactive shell, allowing for further exploits and control over the system.

Affected Version(s)

SFX2100 Satellite Receiver SFX2100

References

https://www.abdulmhsblog.com/posts/sfx2100-vulns/

CVSS V4

Score:

9.2

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 4, 2026
Vulnerability Reserved
Mar 3, 2026

CVE-2026-28777 Data

JSON