Insecure Credentials in IDC SFX Series SuperFlex Satellite Receiver
CVE-2026-28778

7.9HIGH

Key Information:

Vendor: International Datacasting Corporation (idc)
Status: Idc Sfx2100 Superflex Satellite Receiver
Vendor: CVE Published:; 4 March 2026

🔔 Create International Datacasting Corporation (idc) Vulnerability Alert

What is CVE-2026-28778?

The SFX Series SuperFlex Satellite Receiver by International Datacasting Corporation presents a significant security risk due to undocumented and hardcoded credentials for the xd user account. This vulnerability allows a remote, unauthenticated attacker to gain access via FTP using these credentials. The xd user's home directory has write permissions, enabling an attacker to overwrite critical files or manipulate symlinks. This creates a pathway for arbitrary code execution with root privileges, posing serious threats to system integrity and security.

Affected Version(s)

IDC SFX2100 SuperFlex Satellite Receiver SFX2100

References

https://www.abdulmhsblog.com/posts/sfx2100-vulns/

CVSS V4

Score:

7.9

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 4, 2026
Vulnerability Reserved
Mar 3, 2026

CVE-2026-28778 Data

JSON